Security News #0x2B
- The folks at the Penetration Testing Lab have a demo showing how to use sqlmap to exploit SQL injection opportunities. In their demo, they use the tool to go after Damn Vulnerable Web Application (DVWA).
- The joy at the Penetration Testing Lab continues, as they give an example on how to use a web proxy to evade file upload restrictions on a web site.
- CERT announced that Samsung printers use a hardcoded SNMP read/write community string. Some technical details can be found here, while Violet Blue provides some reporting at ZDNet.
- Sensepost shows how to identify a Skype user’s internal and external IP address.
- Gal Badishi has a nice discussion of the technical details behind exploiting MS10-087, a vulnerability in various versions of MS Word.
- Ars Technica shows how to set up an Nginx server on Ubuntu 12.04 Server. In the second entry in the series, they show how to add SSL/TLS support.
- It looks like some FTP/SFTP clients expose a JSON file containing connection credentials; see this entry on the Sucuri Blog.
- This summer, I mentioned that Python can be used to hook Windows API calls. As you might expect, this can also be done in other languages, and Adam Driscoll shows how to do so with PowerShell.