CVE-2015-4670: Directory Traversal to Remote Code Execution in AjaxControlToolkit

Jun 22, 15

Posted by in Application Security, Research

AjaxControlToolkit prior to version 15.1 has a file upload directory traversal vulnerability which, on a poorly configured web server, can lead to remote code execution. This vulnerability has been issued CVE-2015-4670. It is recommended to update to the latest version of AjaxControlToolkit to resolve this issue. It is also...


Find and Exploit Cross Site Scripting (XSS) Flaws

Feb 10, 14

Posted by in Application Security, Research, XSS

How to Find and Exploit Cross Site Scripting (XSS) Vulnerabilities. In a previous post, How to Prevent Cross Site Scripting, I explain how to prevent Cross Site Scripting (XSS) issues. This article will demonstrate a simple approach to identifying and exploiting cross site scripting vulnerabilities. Meet our target. I am using an old...


Trust But Verify: Reversing .NET Applications and Libraries

Jan 09, 14

Posted by in Research, Reversing

“Trust But Verify” is a phrase that gets thrown around a lot, especially in the auditing world. The phrase is useful in the civilized world, where people are generally honest. The phrase is NOT useful when it comes to trusting binaries on the internet, which should be considered the wild wild west at all times. A little...
