30 Mar 2014, 12:00

Multiple Vulnerabilities in ionCube Loader-wizard

In a recent security audit I spotted a file on the server which caught my attention: loader-wizard.php.

After calling the file via a browser I noticed it's part of ionCube's encoding and obfuscation software. The software can be found on ionCube's homepage.


14 Nov 2013, 22:05

SQL Injection and XSS in All-in-one-event-calendar WordPress Plugin

During a recent security audit I found multiple vulnerabilities in the WordPress plugin "all-in-one-event-calendar". There is a lite version provided through the WordPress site (http://wordpress.org/plugins/all-in-one-event-calendar/), and a standard version provided through a third-party site (http://time.ly/). Both versions were tested and are vulnerable to the reported issues.

PS: There is also a paid pro version. This was not tested, but it's likely also vulnerable to the mentioned issues.


13 Nov 2013, 17:44

Analyzing HP ThinPro Firmware

Today I got my hands on an HP t510 thin client and wanted to analyze the OS and running services (apparently it's running Ubuntu 10.04.4 LTS). Here is my solution for running the firmware in a VMware infrastructure, or simply mounting the image for browsing.
