Category: Web Security

webERP <=4.08.4 SQL Injection Vulnerability

Overview: webERP is a mature open-source ERP system providing best-practice, multi-user business administration and accounting tools over the web. The vulnerability sits in the WO (work order) parameter, in the file WorkOrderEntry.php in the Manufacturing menu. Lack of input validation of…

Silent Backdoor with Weevely

Ever thought about gaining access to your backdoor undetected? Well, maybe not all web administrators examine their PHP files. Weevely is the answer. Just follow these steps (I was doing this on Backtrack 5): Where: -p = your password to…

How to: SQLMap (dump and destroy)

SQLMap is a tool that automates the exploitation of SQL injection vulnerabilities, and it is very popular for that purpose. While most web hacking enthusiasts know this tool for gathering information and retrieving table information, i…

OWASP ModSecurity Core Ruleset

ModSecurity is a good starting point for securing your web site. OWASP provides the Core Rule Set (CRS), a set of ModSecurity rules against the most critical web application attacks. From OWASP: ModSecurity is an Apache web server module that provides a…