Videos

Thu, 17 Jul (Editorial_Staff_Team)

VL Core Team published Blind SQL Injection Vulnerability with Video PoC to MSRC

In January 2014, a critical remote vulnerability was reported to the Microsoft Security Response Center team. The manufacturer patched the issue during July.

The SQL injection vulnerability was located in the item.asp file. The vulnerable parameter is `item_id`. Remote attackers are able to inject their own SQL commands into the `item_id` value of the item.asp GET method request. The issue is a blind injection and the attack type is boolean-based.

Mon, 14 Jul (Editorial_Staff_Team)

PayPal Inc MOS API Security Video Demonstration discovered - Filter Bypass & Multiple IVE Vulnerabilities

The following video shows a live hacking session in the multiorder-shipping application of PayPal Inc by Ateeq ur Rehman Khan, Ibrahim Mossad and Benjamin Kunz Mejri. The different application-side vulnerabilities were reported by the Vulnerability Laboratory in 2014 Q1-2.

All the visible security vulnerabilities have already been reported and patched by the PayPal dev team.

The advisories were accepted as part of the official eBay Inc Magento > PayPal Inc bug bounty program (2014). Feel free to watch the video and resources to understand the impact behind the issues in the MOS API.
