The Blog
Find our latest news here!
WebDev websites pentest
This article aims to share the results of our experience of penetration tests carried out on websites built with WebDev and the HFSQL database. It is written for pentesters and security researchers who wish to study the security of these technologies, but also for curious developers.
We will see in particular the possibilities offered by HFSQL in the event of SQL injections, how to authenticate on an accessible HFSQL service, as well as the replication of a local WebDev environment to study its security.
Prepare and optimize your security audits
Whether or not you are experienced with penetration testing, this article gives you some pointers for preparing your security audit properly, making sure you have the necessary information and reflexes before consulting your service providers, and for maximizing your return on investment.
Admin PrestaShop RCE “à la WordPress”
Build a PrestaShop module in order to have an RCE when obtaining administrator access during a pentest.
Dolibarr: unauthenticated contacts database theft
Vladimir discovered a critical vulnerability that could be exploited by an unauthenticated attacker. It provides access to a competitor’s entire customer file, prospects, suppliers, and potentially employee information if a contact file exists. Both public and private notes can also be retrieved. Very easy to exploit, it affects Dolibarr 16.x versions.
Centreon map vulnerability
Technical details on the vulnerability discovered by Vladimir and affecting the Centreon Map extension.
SQLmap: advanced use
SQLmap is an automated SQL injection tool.
It is very handy in pentests for sending a large number of payloads and finding injections that would have gone unnoticed with basic manual tests.
However, some SQL injections require the pentester to script the exploit himself: injections too complex to be detected by sqlmap, server too unstable, and other edge cases.
Some lesser-known features of SQLmap can still make it usable in these complex cases.
Windchill vulnerability
Vladimir had the opportunity to test the security of the Windchill PLM software published by PTC during a penetration testing engagement.
Using basic website security auditing techniques, he discovered a vulnerability affecting all versions of the software. It allowed him to read the configuration files accessible in the application folder.
KeyShot Vulnerability
The article describes the methodology used to find a flaw in a network protocol used by the KeyShot software.
Test the security of your WordPress website
Learn how to quickly test the security of your WordPress site with the wpscan tool and some pentester tips.
HTTP header security
HTTP headers are sent to browsers by web servers in their responses to users’ HTTP requests. They are not directly visible in the browser but they are essential: they define cookies, govern the interpretation of content and cache settings, but also the security of the browser.
Certain HTTP headers must be included in order to follow good security practices: they make it possible to reinforce the security of the web browsers of the users of your websites. Moreover, when they are absent, security auditors and vulnerability scanners will almost systematically raise this as a weakness.