The Blog

Find our latest news here!

WebDev websites pentest

This article aims to share the results of our experience of penetration tests carried out on websites built with WebDev and the HFSQL database. It is written for pentesters and security researchers who wish to study the security of these technologies, but also for curious developers.

We will see in particular the possibilities offered by HFSQL in the event of SQL injections, how to authenticate on an accessible HFSQL service, as well as the replication of a local WebDev environment to study its security.


Prepare and optimize your security audits

Whether or not you are experienced with penetration tests, this article gives you some pointers for preparing your security audit properly: making sure you have the necessary information and reflexes before consulting your service providers, and maximizing your return on investment.


Dolibarr: unauthenticated contacts database theft

Vladimir discovered a critical vulnerability that could be exploited by an unauthenticated attacker. It provides access to a competitor’s entire customer file, prospects, suppliers, and potentially employee information if a contact file exists. Both public and private notes can also be retrieved. Very easy to exploit, it affects Dolibarr 16.x versions.


SQLmap: advanced use

SQLmap is an automated SQL injection tool.
It is very practical in pentests for sending a lot of payloads and finding injections that would have gone unnoticed with basic manual tests.
However, some SQL injections require the pentester to script the exploit themselves: injections too complex to be detected by sqlmap, a server that is too unstable, and other edge cases.

Some lesser-known features of SQLmap can still allow its use in these complex cases.


Windchill vulnerability

Vladimir had the opportunity to test the security of the Windchill PLM software published by PTC during an intrusion test mission.

Using basic website security auditing techniques, he discovered a vulnerability affecting all versions of the software. It allowed him to read the configuration files accessible in the application folder.


HTTP header security

HTTP headers are sent to browsers by web servers in their responses to users’ HTTP requests. They are not directly visible in the browser, but they are essential: they define cookies and govern the interpretation of content, cache settings, and the security of the browser.
Certain HTTP headers must be included in order to follow good security practices: they reinforce the security of the web browsers of your websites' users. Moreover, when they are absent, security auditors and vulnerability scanners will almost systematically flag this as a weakness.
