Monthly Archives: January 2012

silverstripe CMS persistent XSS vulnerabilties

Hi all,

Yet another bug found, in the silverstripe CMS. 🙂
DISCLAIMER: The publisher is in no way responsible if the information is used for any malicious intent.
silverstripe CMS persisten XSS vulnerabilties
vendor: http://demo.silverstripe.org
Author: Karthik R (3psil0nLambDa)
Email: Karthik.cupid@gmail.com
My blog: epsilonlambda.wordpress.com
Google dork: Powered by the SilverStripe Open Source CMS

* Persistent XSS vulnerability

The page title module of this CMS is vulnerable to persistent XSS.

Exploit:

PoC: http://imageshack.us/photo/my-images/341/silverstripe.png/

Greets to side-effects and Taashu 🙂

10 Linux security tools for system administrators

Hi all,

In recent times, the security aspect of information technology has received considerable attention, and large organizations have dedicated security teams to keep tabs on vulnerabilities in their systems and take preventive or corrective action as appropriate. The same level of commitment to maintaining security may not be seen in most SMBs, but the fact remains that any gaps in security could have disastrous consequences for all businesses, regardless of their size.

Security need not always be a hugely expensive affair. In this article, we shall cover Linux-based security tools and distributions, which can be used for penetration testing, forensics, reverse engineering, and so on.

1. Wireshark – Network Packet analyser
2. NMAP – Network scanner
3. ClamAV, chkrootkit and Rootkit hunter – antivirus and malware hunters
4. SNORT – IDS tool
5. NIKTO – Web scanner
6. Metasploit – Exploit development framework
7. Nessus – Vulnerability scanner
8. SPIKE – fuzzer
9. Ollydbg – Debugger
10. Linux Security Distros like Backtrack, Remnux and Matriux

For complete article with details on the tools, check out my column on SearchSecurity.IN. You can read the complete article by scrolling down, all the way to the bottom of the page, skipping the registration part at:

http://searchsecurity.techtarget.in/tip/10-Linux-security-tools-for-system-administrators

Cheers
3ps!l0nLaMbDa