Surviving the Week 07/27/2012

CodeIgniter 2.1.1 Cross Site Scripting Bypass

CodeIgniter is an open source Web Application Framework that helps authors write PHP applications. Version 2.1.1 of CodeIgniter suffers from a cross site scripting filter bypass vulnerability.

Filtering only is not a good approach to protect against cross site scripting attack. Cross Site scripting is a very common attack with high success. Test your application with NTOSpider to verify whether your application is XSS proof.

Drupal Location 6.x / 7.x Access Bypass

Drupal is a free and open-source content management system (CMS) and content management framework (CMF) written in PHP. It is used as a back-end system for at least 2.1% of all websites worldwide ranging from personal blogs to corporate, political, and government sites including and It is also used for knowledge management and business collaboration. Drupal Location third party module versions 6.x and 7.x suffer from an access bypass vulnerability.

Record number of phishing websites in the wild

Is it any surprise that USA remains the top nation for hosting phishing based trojans? If this were an Olympic event, we’d get an easy gold!  Also China continues to be the most affected country. Another gold winner!

SQL injections becoming favored attack route

SQL injections were the attack vector for the recent compromises at LinkedIn, Yahoo and eHarmony.  A cloud hosting company, Firehost, has posted their findings on attack traffic blocked for their customers over the past quarter.  It appears that more automated tools are out searching for more lucrative targets vulnerable to SQLi.

DEF CON to Host NSA Chief General Alexander – He’s Off Limits for ‘Spot the Fed’

If you were at DefCon and missed General Alexander’s talk, you really missed out. He is a highly engaging speaker. If you were there, post a comment to this post and let us know what you took away from it.

About Dan Kuykendall 173 Articles
Connect with Dan on Google+

Be the first to comment

Leave a Reply

Your email address will not be published.