Tab Content
No Recent Activity
About [s]

Basic Information

Signature


Garage4Hackers bugs for the community , of the community

We provide IT Security Service: Contact | Blog
Penetration Testing Service | Mobile Application Penetration Testing | Malware Removal and Cleanup

Statistics


Total Posts
Total Posts
272
Posts Per Day
0.08
General Information
Last Activity
05-16-2017 09:24 AM
Join Date
11-10-2010
Referrals
3

9 Friends

  1. "vinnu" "vinnu" is offline

    Security Researcher

    "vinnu"
  2. amolnaik4 amolnaik4 is offline

    Web Security Consultant

    amolnaik4
  3. b0nd b0nd is offline

    ... I am no Expert b0nd.g4h@gmail.com

    b0nd
  4. C0d3G33k C0d3G33k is offline

    Garage Newcomer

    C0d3G33k
  5. codeur codeur is offline

    Garage Newcomer

    codeur
  6. D4rk357 D4rk357 is offline

    Garage Member

    D4rk357
  7. fb1h2s fb1h2s is offline

    Security Researcher

    fb1h2s
  8. fravarski fravarski is offline

    Garage Newcomer

    fravarski
  9. Globz Globz is offline

    Garage Newcomer

    Globz
Showing Friends 1 to 9 of 9
View [s]'s Blog

Recent Entries

CVE-2015-2652 – Unauthenticated File Upload in Oracle E-business Suite.

by [s] on 07-20-2015 at 07:26 PM
Quote Originally Posted by [s] View Post
During my regular job, I unravelled an interesting vulnerability of Unauthenticated File Upload in Oracle E-business Suite 0-day vulnerability. This particular Upload Bug can be easily used to upload files on the web-server and also an attacker can flood the hard-disk of the server,thus making it easier for an attacker to leverage the vulnerability remotely.

Oracle released Critical Patch Update containing security fixes for the Oracle E-Business Suite. This vulnerability is remotely

Read More

Categories
Uncategorized

WordPress Plugin – Revslider update captions CSS file critical vulnerability

by [s] on 03-27-2015 at 11:34 PM
Today being another day at work for SecureLayer7 to recover our client’s defaced website, and bang I think I hit upon a nasty vulnerability of a famous plugin.

Although we successfully patched the vulnerability and we fixed the undoing of the blacklisting. On further research I stumbled upon its usage over the internet and as it turns out large number of web users online are affected, putting them to greater risk if not mitigated with a proper patch or an update.

Following

Read More

Categories
Uncategorized

Malware Cleanup: Analysis of an Undetectable web-shell code uploaded, RevSlider bug

by [s] on 03-09-2015 at 09:13 PM
I started my day with my regular Malware Cleanup activity and came across an interesting backdoor web shell file on the server. The server is not specific to any particular environment, it was one of the regularly updated WordPress package with the plugin RevSlider Plugin ver. 4.1.4 .

I initiated the process to detect the backdoors and web malwares, and got a hit on a malicious .htaccess file which was redirecting hxxp://m.mobi-avto.ru as shown below:

Read More

Categories
Uncategorized

CVE-2015-0235 – How to secure against Glibc Ghost Vulnerability

by [s] on 01-29-2015 at 10:13 AM
CVE-2015-0235 Ghost (glibc gethostbyname buffer overflow) Vulnerability is serious cause for all Linux servers. This vulnerability leveraged to execute remote and code execution on the victim Linux server. The vulnerability found By Qualys Researcher and patched in GNU.

What is the cause ?

The bug is in __nss_hostname_digits_dots() function of function of the GNU C Library (glibc), and location of the path is file for non-reentrant version is nss/getXXbyYY.c , which

Read More

Updated 01-29-2015 at 10:16 AM by [s]

Categories
Uncategorized