Monday, June 1, 2015

Stegosploit: Malicious Code In Pictures


Stegosploit: Hacking With Images

Security researcher Saumil Shah of Net Square presented his Stegosploit project at the Hack In The Box conference in Amsterdam. The project allows an attacker to embed executable JavaScript code within an image to trigger a drive-by download.

The Stegosploit digital steganography project could open scary new scenarios for Internet users, who could be infected by viewing a picture on any website, even without clicking on it or downloading it. The image could serve as the container for priming the malware. Shah has no doubts: Stegosploit could be the future of online attacks.

The technical details are explained in the video.



Wednesday, March 11, 2015

WordPress SEO by Yoast Plugin Vulnerability Affects Millions




A critical vulnerability has been discovered in the most popular plugin for the WordPress content management system (CMS), putting tens of millions of websites at risk of being hacked by attackers.

The vulnerability resides in most versions of a WordPress plugin known as 'WordPress SEO by Yoast', which has more than 14 million downloads according to the Yoast website, making it one of the most popular WordPress plugins for easily optimizing websites for search engines, i.e. search engine optimization (SEO).

The vulnerability in WordPress SEO by Yoast was discovered by Ryan Dewhurst, developer of the WordPress vulnerability scanner 'WPScan'.

All versions of 'WordPress SEO by Yoast' prior to 1.7.3.3 are vulnerable to a blind SQL injection web application flaw, according to an advisory published today.


Thursday, February 26, 2015

Got listed in Oracle Hall of Fame Page


The Security Researcher Acknowledgments for Oracle has listed me on the hall of fame security researchers page for finding and reporting multiple security vulnerabilities in the Oracle main site.

Link: http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2367957.xml







Tuesday, October 21, 2014

Got listed in ebay Hall of Fame Page


Got listed in ebay Security Researchers Acknowledgment

The Security Researcher Acknowledgments for eBay has listed me on the hall of fame security researchers page for finding and reporting two security vulnerabilities in the eBay site.

Link: http://ebay.com/securitycenter/ResearchersAcknowledgement.html

