During a routine penetration testing engagement, we found an IIS webserver with HTTP methods (verbs) like PUT and DELETE enabled on it. During enumeration of the web server we figured it was configured to run PHP as well. The PUT method allows an attacker to place a file on the server. Uploading a web shell […]
I was reading the Joomla Update, http://developer.joomla.org/security/news/563-20130801-core-unauthorised-uploads A bug in Joomla Core and having the criticality is always awesome to see 🙂 I decided to give the bug a look to see what the actual problem was. I looked at the diffs (changes made) to the latest version 2.5.14 https://github.com/joomla/joomla-cms/commit/fa5645208eefd70f521cd2e4d53d5378622133d8 From the commits, there are […]
