This whitepaper describes a vulnerability in older versions of the PHP upload module in FCKEditor (now CKeditor) that allows attackers to bypass file type checks and upload malicious PHP code. The vulnerability affects FCKEditor versions 2.6.4 and below. Attackers can exploit it by appending a null byte to the "current folder" parameter, which tricks the server into creating a PHP file instead of a text file. This allows execution of arbitrary code and full compromise of vulnerable servers. Updating to the latest FCKEditor version or modifying the "currentfolder" parameter are recommended to resolve the issue.
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
Although web application firewall (WAF) solutions are very useful to prevent common or automated attacks, most of them are based on blacklist approaches and are still far from perfect. This talk illustrates a number of creative techniques to smuggle and reshape HTTP requests using the strange behaviour of web servers and features such as request encoding or HTTP pipelining. These methods can come in handy when testing a website behind a WAF and can help penetration testers and bug bounty hunters to avoid drama and pain! Knowing these techniques is also beneficial for the defence team in order to design appropriate mitigation techniques. Additionally, it shows why developers should not solely rely on WAFs as the defence mechanism.
Finally, an open source Burp Suite extension will be introduced that can be used to assess or bypass a WAF solution using some of the techniques discussed in this talk. The plan is to keep improving this extension with the help of the http.ninja project.
Introduction to Web Application Penetration TestingAnurag Srivastava
Web Application Pentesting
* Process to check and penetrate the security of a web application or a website
* process involves an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities
* Any security issues that are found will be presented to the system owner, together with an assessment of the impact, a proposal for mitigation or a technical solution.
Session on OWASP Top 10 Vulnerabilities presented by Aarti Bala and Saman Fatima. The session covered the below 4 vulnerabilities -
Injection,
Sensitive Data Exposure
Cross Site Scripting
Insufficient Logging and Monitoring
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
Although web application firewall (WAF) solutions are very useful to prevent common or automated attacks, most of them are based on blacklist approaches and are still far from perfect. This talk illustrates a number of creative techniques to smuggle and reshape HTTP requests using the strange behaviour of web servers and features such as request encoding or HTTP pipelining. These methods can come in handy when testing a website behind a WAF and can help penetration testers and bug bounty hunters to avoid drama and pain! Knowing these techniques is also beneficial for the defence team in order to design appropriate mitigation techniques. Additionally, it shows why developers should not solely rely on WAFs as the defence mechanism.
Finally, an open source Burp Suite extension will be introduced that can be used to assess or bypass a WAF solution using some of the techniques discussed in this talk. The plan is to keep improving this extension with the help of the http.ninja project.
Introduction to Web Application Penetration TestingAnurag Srivastava
Web Application Pentesting
* Process to check and penetrate the security of a web application or a website
* process involves an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities
* Any security issues that are found will be presented to the system owner, together with an assessment of the impact, a proposal for mitigation or a technical solution.
Session on OWASP Top 10 Vulnerabilities presented by Aarti Bala and Saman Fatima. The session covered the below 4 vulnerabilities -
Injection,
Sensitive Data Exposure
Cross Site Scripting
Insufficient Logging and Monitoring
Vulnerabilities in modern web applicationsNiyas Nazar
Microsoft powerpoint presentation for BTech academic seminar.This seminar discuses about penetration testing, penetration testing tools, web application vulnerabilities, impact of vulnerabilities and security recommendations.
XSS is much more than just <script>alert(1)</script>. Thousands of unique vectors can be built and more complex payloads to evade filters and WAFs. In these slides, cool techniques to bypass them are described, from HTML to javascript. See also http://brutelogic.com.br/blog
OWASP Top 10 2021 – Overview and What's New.
OWASP Top 10 is the most successful OWASP Project
It shows ten most critical web application security flaws.
Read the presentation and you will learn each OWASP Top 10 category and recommendations on how to prevent it.
The process of penetration testing starts with the "Reconnaissance Phase". This phase, if performed carefully, always provides a winning situation. However, Often in the application security and bug bounty hunting, recon is mapped to finding some assets and uncovering hidden endpoints only & is somewhat under-utilized. Recon is the most crucial thing in application security and bug bounties which always keeps you separated from a competing crowd and gives easy wins.
In "Weaponizing Recon - Weaponizing Recon - Shamshing Applications for Security Vulnerabilities & Profit", will cover the deepest and most interesting recon methodologies to be one step ahead of your competition and how to utilize the tools and publicly available information to map your attack surface & maximize the profit. During the talk, we will cover:
1. Introduction to Recon
2. Basic Recon 101
3. Mapping Attack Surface with Basic Recon
4. Weaponizing Recon to Hit Attack Surface
5. Recon Hacks 101
6. Practical Offensive Recon
7. Automating Recon for Profit
8. Finding Vulnerabilities with Recon
9. Creating your own Recon Map
10. Practical Examples & Demonstrations
The Offensive Security Certified Professional (OSCP) is one of the most technical and most challenging certifications for information security professionals.
For More information please contact us : https://www.infosectrain.com/
OWASP Top 10 2017 rc1 - The Ten Most Critical Web Application Security RisksAndre Van Klaveren
A presentation of the OWASP Top 10 2017 release candidate, expected to be finalized in summer 2017. Presented at the St. Louis CYBER meetup on Wednesday, June 7, 2017.
This presentation describes penetration testing with a Who, What, Where, When, and How approach. In the presentation, you may discover the common pitfalls of a bad penetration test and you could identify a better one. You should be able to recognize and differentiate both looking at the methods (attitude) and result.
Vulnerabilities in modern web applicationsNiyas Nazar
Microsoft powerpoint presentation for BTech academic seminar.This seminar discuses about penetration testing, penetration testing tools, web application vulnerabilities, impact of vulnerabilities and security recommendations.
XSS is much more than just <script>alert(1)</script>. Thousands of unique vectors can be built and more complex payloads to evade filters and WAFs. In these slides, cool techniques to bypass them are described, from HTML to javascript. See also http://brutelogic.com.br/blog
OWASP Top 10 2021 – Overview and What's New.
OWASP Top 10 is the most successful OWASP Project
It shows ten most critical web application security flaws.
Read the presentation and you will learn each OWASP Top 10 category and recommendations on how to prevent it.
The process of penetration testing starts with the "Reconnaissance Phase". This phase, if performed carefully, always provides a winning situation. However, Often in the application security and bug bounty hunting, recon is mapped to finding some assets and uncovering hidden endpoints only & is somewhat under-utilized. Recon is the most crucial thing in application security and bug bounties which always keeps you separated from a competing crowd and gives easy wins.
In "Weaponizing Recon - Weaponizing Recon - Shamshing Applications for Security Vulnerabilities & Profit", will cover the deepest and most interesting recon methodologies to be one step ahead of your competition and how to utilize the tools and publicly available information to map your attack surface & maximize the profit. During the talk, we will cover:
1. Introduction to Recon
2. Basic Recon 101
3. Mapping Attack Surface with Basic Recon
4. Weaponizing Recon to Hit Attack Surface
5. Recon Hacks 101
6. Practical Offensive Recon
7. Automating Recon for Profit
8. Finding Vulnerabilities with Recon
9. Creating your own Recon Map
10. Practical Examples & Demonstrations
The Offensive Security Certified Professional (OSCP) is one of the most technical and most challenging certifications for information security professionals.
For More information please contact us : https://www.infosectrain.com/
OWASP Top 10 2017 rc1 - The Ten Most Critical Web Application Security RisksAndre Van Klaveren
A presentation of the OWASP Top 10 2017 release candidate, expected to be finalized in summer 2017. Presented at the St. Louis CYBER meetup on Wednesday, June 7, 2017.
This presentation describes penetration testing with a Who, What, Where, When, and How approach. In the presentation, you may discover the common pitfalls of a bad penetration test and you could identify a better one. You should be able to recognize and differentiate both looking at the methods (attitude) and result.
"15 Technique to Exploit File Upload Pages", Ebrahim HegazyHackIT Ukraine
During the session we will go through different methods of exploiting file upload pages in order to trigger Remote Code Execution, SQL Injection, Directory Traversal, DOS, Cross Site Scripting and else of web application vulnerabilities with demo codes. Also, we will see things from both Developers and Attackers side. What are the protections done by Developers to mitigate file upload issues by validating File Name, File Content-Type, actual File Content and how to bypass it All using 15 Technique!
News web app which gives updated news. The news is been fetched from the different news website. This project is made by using Flask framework and python.
The Source code is available at: https://github.com/prateek-code-22/News-App
If you find it useful add STAR to it.
Thanks :)
The presentation is contains the Overview of the Hawkeye Malware. you will find the execution working flow and how this malware spread across the network inside this presentation
This document contains various methods to hack or pentest the web-server and web-applications.
1. A person can use it as hand book for hacking websites.
2. All contents of these hand book is searched and taken out from various other websites & blogs...
3. Use these knowledge for education purpose only.
Create Your Own Framework by Fabien PotencierHimel Nag Rana
This is a combined form of series of articles by Fabien Potencier - the author of Symfony Framework. I have collected and converted them as this ebook for storing and sharing purpose.
Similar to File upload-vulnerability-in-fck editor (20)
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
2. Exploiting PHP Upload Module of FCKEditor
TABLE OF CONTENTS
Abstract .............................................................. 4
Introduction......................................................... 4
Exploits ............................................................... 4
The Attack Scenario .............................................. 5
Vulnerable Versions ............................................ 15
Impact .............................................................. 15
Recommended Resolutions .................................. 15
About The Authors .............................................. 17
About SecurEyes ................................................ 17
Addendum* ....................................................... 17
3
3. Exploiting PHP Upload Module of FCKEditor
Abstract
The PHP file upload module in FCKEditor allows developers to offer file upload
functionality to end users. This paper describes a vulnerability which allows attackers
to bypass file-type checks in this module and upload malicious PHP code into the web
servers.
Introduction
FCKEditor (now CKeditor) is an open source WYSIWYG text editor from CKSource
that can be integrated into web applications, to give end users word processor like
interface. FCK stands for ‘Frederico Caldeira Knabben’, the creator of the project, and
the first version was released in 2003.
This editor supports many server side languages like ASP, ASP.NET, PHP etc. The PHP
upload module, for PHP web applications, has a vulnerability which allows remote
attackers to bypass file-type checks. This vulnerability was discovered during the
course of our website audit work.
The vulnerability affects FCKEditor versions 2.6.4 and below.
Note: A different recently discovered vulnerability in the ASP.NET connector file allows
attackers to upload malicious ASP code into vulnerable servers.
Exploits
FCKEditor has built-in ‘filemanager’ package, which allows developers to offer a file
upload and management module to web site end users. For PHP web applications, one
of the relevant files is ‘upload.php’, which is available at the following location:
<site name><fckeditor>/editor/filemanager/connectors/php/upload.php
This file allows end users to upload files into the web server. It has a built in file-type
checker which does not allow PHP files to be uploaded, but a new vulnerability allows
remote attackers to bypass this vulnerability.
4
4. Exploiting PHP Upload Module of FCKEditor
The Attack Scenario
A website, http://www.vulnerable123.com, has integrated FCKEditor version 2.6.4.
For the sake of this proof-of-concept, it is assumed that the test page,
‘uploadtest.html’, packaged with FCKEditor, has not been removed. Also, assume
that there is no session-based access control check on any of the FCKEditor files,
including ‘upload.php’, allowing remote attackers to access them without
authentication.
An attacker browses to the File Upload test page at the URL:
http://www.vulnerable123.com/admin/FCKeditor_2.6.4/editor/filemanager/connectors
/uploadtest.html
He selects the ‘File Uploader’ as PHP, ‘Resource Type’ as File and selects a ‘.txt’ file.
5
5. Exploiting PHP Upload Module of FCKEditor
The file was successfully uploaded as shown below.
6
6. Exploiting PHP Upload Module of FCKEditor
The uploaded file location can be seen by browsing to the above encircled location.
http://www.vulnerable123.com/userfiles/test.txt
The raw HTTP traffic for this transaction, as intercepted in an HTTP proxy, has the
following structure:
7
7. Exploiting PHP Upload Module of FCKEditor
Next, the attacker tries to upload a PHP file.
8
8. Exploiting PHP Upload Module of FCKEditor
On clicking the ‘Send it to the Server’ button, the file doesn’t get uploaded and the
following ‘Invalid File’ message was displayed:
From the above screen, it is evident that ‘upload.php’ implements a file-type check
on all uploaded files. This check can be bypassed in the following way:
Step#1: The attacker enters malicious PHP code into a ‘.txt’ file, which is valid file-
type. Following is the malicious PHP content in the ‘exploit.txt’ file.
9
9. Exploiting PHP Upload Module of FCKEditor
Step#2: The attacker clicks on the ‘Send it to the Server’ button and captures the
request in an HTTP proxy:
10
10. Exploiting PHP Upload Module of FCKEditor
He appends the following string to the value of the URL parameter ‘Current Folder’.
command.php%00
11
11. Exploiting PHP Upload Module of FCKEditor
Note: In the above screenshot ‘%00’ in the string is the Null Byte.
The file was successfully updated as shown below:
The attacker browses to the uploaded file URL and confirms that the malicious file has
been uploaded: http://www.vulnerable123.com/userfiles/command.php
12
12. Exploiting PHP Upload Module of FCKEditor
He enters a system command as shown below and clicks on the ‘Search’ button.
dir C:xampphtdocsadmin
He is shown the following details:
13
13. Exploiting PHP Upload Module of FCKEditor
List of files and
folders in the
‘admin’ directory
The above screenshot shows that the command displayed the directory listing of the
mentioned folder.
What’s going on?
1) There is a proper validation for the file type in the ‘filename’ parameter.
2) The ‘exploit.txt’ file is uploaded successfully because ‘.txt’ is an allowed file-
type.
3) The text file contains malicious PHP code, but since the server does not execute
text files, it does not pose a security risk.
4) Instead of the ‘exploit.txt’ file, however, ‘command.php’ file is created on the
server.
5) Moreover, the content of ‘command.php’ is the same as the content of
‘exploit.txt’ file.
This happens because:
1) The ‘currentfolder’ URL parameter value gives the name of a sub-folder, in the
upload folder where the file will be uploaded.
2) By inserting the ‘%00’ null byte character at the end of the sub-folder name, it
is possible to create a new file instead of a new folder.
14
14. Exploiting PHP Upload Module of FCKEditor
3) This happens because the path of the file to be created looks like the following:
/root/mysite/userfiles/command.php%00/exploit.txt
4) As the server ignores everything after the null byte, a new file is created called
‘command.php’ with the following location:
/root/mysite/userfiles/command.php
Vulnerable Versions
This vulnerability affects FCKEditor versions 2.6.4 and below.
Impact
The impact of the above findings is SEVERE since attackers can upload malicious files,
like web shells and completely compromise affected web servers.
Recommended Resolutions
These are some of the measures that should be taken to remove this vulnerability
1. Older versions of FCKEditor should be replaced with latest version of FCKEditor
(CKEditor 3.6.6) to thwart the above vulnerabilities.
2. For FCKEditor of version 2.6.4 and less, the ‘currentfolder’ parameter can be
disabled with the following code changes in the upload.php file:
‘sCurrentFolder = GetCurrentFolder()’ should be replaced with
‘sCurrentFolder = "/"’
15
16. Exploiting PHP Upload Module of FCKEditor
About The Authors
Anant Kochhar, Utkarsh Bhatt and Sabyasachi Samanta are Information Security
Consultants and they have, between them, secured several web applications. They can
be reached at anant.kochhar@secureyes.net, utkarsh.bhatt@secureyes.net and
sabyasachi.samanta@secureyes.net respectively.
About SecurEyes
SecurEyes is a Bangalore based firm specializing in IT security. SecurEyes offers a
wide range of security services and products to its clients. For more information,
please visit our website: http://www.secureyes.net/.
Addendum*
While we discovered this vulnerability independently and during the course of our
work, it has recently come to our attention that this vulnerability was already in the
public realm. This was an honest oversight on our part and we did not intend to take
the credit away from those who discovered and disclosed this vulnerability first. More
information is available at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-
2009-2265
17