Websec Cybersecurity Blog
Expert insights, trends, research findings, and best practices from our security team to help you strengthen your organization's security posture.
Launching replay attacks against the Wells Fargo Wallet service
The Wells Fargo Wallet service is susceptible to replay attacks, where an attacker may intercept a transaction through an altered PoS or fake terminal, steal the sensitive token, and replay the token later.
Three Non Web-based XSS Injections
In this post guest blogger Alejandro Hernandez (nitr0us) writes about some interesting and fun XSS vectors which are not commonly seen.
Belkin Wemo Switch Nmap Scripts
Belkin Wemo Switch Smart Plug is a network controlled power outlet. The current firmware version does not require authentication to switch the power ON or OFF or to gather information such as nearby wireless networks. Two Nmap scripts have been published
New publication: Mastering the Nmap Scripting Engine
We invite you to learn more about the latest publication from our team, "Mastering the Nmap Scripting Engine".
Downloading an Application's Entire Source Code Through an Exposed GIT Directory
Website administrators sometimes inadvertently leave an exposed .git directory, from which it is possible to download the entire source code of the web application using just wget and a common server misconfiguration.
Backdoors in Zhone GPON 2520 and Alcatel Lucent I240Q
While examining the "dropbear" binary for the Zhone GPON 2520 and Alcatel Lucent I240Q, we found that both routers have backdoors that allow users with SSH access to connect to these devices with maximum privileges.