WordPress Authenticated SQL Injection

By

Jijith Rajan

Published on

29 Jun 2022

Vulnerability

SQL Injection

An authenticated SQL injection is an injection attack of using wrong solutions for database abstraction library. Successful exploitation can have catastrophic effects on the whole WordPress ecosystem. Th WordPress versions before WordPress 2.3.0-4.7.5.

Impact

Depending on the back-end database configuration, its privilege setup and the operating system, a hacker can mount one or more of the following type of attacks :

Reading, updating and deleting arbitrary data/tables from the database.
Executing commands on the underlying operating system.

Mitigation / Precaution

Automated human-like penetration testing for your web apps & APIs

Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by

Jijith Rajan

Cyber Security Engineer

Find website security issues in a flash

Improve your website's security posture with proactive vulnerability detection.

Free website security assessment

Related Articles

Misconfigured Docker on Default Port

Misconfigured Docker on Default Port

Cyber Security Engineer

PHP register-globals is enabled

PHP register-globals is enabled

Cyber Security Engineer

The RC4 algorithm In Transport Layer Security and Secure Sockets Layer

The RC4 algorithm In Transport Layer Security and Secure Sockets Layer

Cyber Security Engineer

CVE-2024-34102: Magento open source affected by an improper restriction of XXE vulnerability

CVE-2024-34102: Magento open source affected by an improper restric...

Product Marketing Specialist

PHP display_errors is on

PHP display_errors is on

Co-founder, Director

CVE-2024-4577: Everything you need to know about PHP CGI Argument Injection vulnerability

CVE-2024-4577: Everything you need to know about PHP CGI Argument I...

Product Marketing Specialist

Remote Code Execution (RCE)

Remote Code Execution (RCE)

Co-founder, Director

WordPress PHP Object Injection

WordPress PHP Object Injection

Cyber Security Engineer

Modern TLS compatibility

Modern TLS compatibility

Co-founder, Director

Dockerrun AWS configuration exposure

Dockerrun AWS configuration exposure

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

WordPress blind SQL injection

WordPress blind SQL injection

Cyber Security Engineer

Server vulnerabilities and misconfiguration for sensitive information

Server vulnerabilities and misconfiguration for sensitive information

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

WordPress Server Side Request Forgery (SSRF)

WordPress Server Side Request Forgery (SSRF)

Cyber Security Engineer

Regular expression Denial of Service vulnerability (ReDoS)

Regular expression Denial of Service vulnerability (ReDoS)

Cyber Security Lead Engineer

Insecure Direct Object References

Insecure Direct Object References

Cyber Security Engineer

Web based mail package

Web based mail package

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

/WEB-INF Source Code Exposure

/WEB-INF Source Code Exposure

Anandhu Krishnan

Anandhu Krishnan

Blind Server-Side Template Injection

Blind Server-Side Template Injection

Anandhu Krishnan

Anandhu Krishnan

Server-Side Template Injection

Server-Side Template Injection

Anandhu Krishnan

Anandhu Krishnan

SQL Injection (SQLite)

SQL Injection (SQLite)

Anandhu Krishnan

Anandhu Krishnan

SQL Injection (MySQL)

SQL Injection (MySQL)

Anandhu Krishnan

Anandhu Krishnan

SQL Injection Vulnerability

SQL Injection Vulnerability

Anandhu Krishnan

Anandhu Krishnan

PII Disclosure via WebSocket

PII Disclosure via WebSocket

Anandhu Krishnan

Anandhu Krishnan

Time-Based NoSQL Injection (MongoDB)

Time-Based NoSQL Injection (MongoDB)

Anandhu Krishnan

Anandhu Krishnan

SOAP XML Injection Vulnerability

SOAP XML Injection Vulnerability

Anandhu Krishnan

Anandhu Krishnan

Reflected Cross Site Scripting

Reflected Cross Site Scripting

Cyber Security Engineer

Cloud Metadata Disclosure

Cloud Metadata Disclosure

Anandhu Krishnan

Anandhu Krishnan

Anandhu Krishnan

Anandhu Krishnan

SOAP Action Header Spoofing

SOAP Action Header Spoofing

Anandhu Krishnan

Anandhu Krishnan

EL Injection (Expression Language Injection)

EL Injection (Expression Language Injection)

Anandhu Krishnan

Anandhu Krishnan

Padding Oracle Attack

Padding Oracle Attack

Anandhu Krishnan

Anandhu Krishnan

MD4/MD5 Hash Exposure

MD4/MD5 Hash Exposure

Anandhu Krishnan

Anandhu Krishnan

Image Privacy Data Exposure

Image Privacy Data Exposure

Anandhu Krishnan

Anandhu Krishnan

XSS via User Controllable JavaScript Event

XSS via User Controllable JavaScript Event

Anandhu Krishnan

Anandhu Krishnan

XSLT Injection Attack

XSLT Injection Attack

Anandhu Krishnan

Anandhu Krishnan

XML Entity Expansion Attack

XML Entity Expansion Attack

Anandhu Krishnan

Anandhu Krishnan

WebSocket via Private IP Leak

WebSocket via Private IP Leak

Anandhu Krishnan

Anandhu Krishnan

WebSocket Error Information Leak

WebSocket Error Information Leak

Anandhu Krishnan

Anandhu Krishnan

WebSocket Debug Message Leak

WebSocket Debug Message Leak

Anandhu Krishnan

Anandhu Krishnan

Username Hash Leak via WebSocket

Username Hash Leak via WebSocket

Anandhu Krishnan

Anandhu Krishnan

Username Hash Detected

Username Hash Detected

Anandhu Krishnan

Anandhu Krishnan

User-Controlled HTML Attribute (XSS Risk)

User-Controlled HTML Attribute (XSS Risk)

Anandhu Krishnan

Anandhu Krishnan

User Agent Header Fuzzing

User Agent Header Fuzzing

Anandhu Krishnan

Anandhu Krishnan

Use of Vulnerable JavaScript Functions

Use of Vulnerable JavaScript Functions

Anandhu Krishnan

Anandhu Krishnan

Unsafe HTTP Method

Unsafe HTTP Method

Anandhu Krishnan

Anandhu Krishnan

Unrestricted File Upload Vulnerability

Unrestricted File Upload Vulnerability

Anandhu Krishnan

Anandhu Krishnan

Unix Timestamp Exposure

Unix Timestamp Exposure

Anandhu Krishnan

Anandhu Krishnan

Trace.axd Information Disclosure

Trace.axd Information Disclosure

Anandhu Krishnan

Anandhu Krishnan

Tabnabbing Attack

Tabnabbing Attack

Anandhu Krishnan

Anandhu Krishnan

SVN Repository Exposure

SVN Repository Exposure

Anandhu Krishnan

Anandhu Krishnan

Suspicious Comments Leak

Suspicious Comments Leak

Anandhu Krishnan

Anandhu Krishnan

Suspicious Comments in XML Leak via WebSocket

Suspicious Comments in XML Leak via WebSocket

Anandhu Krishnan

Anandhu Krishnan

Spring Actuator Endpoint Exposure

Spring Actuator Endpoint Exposure

Anandhu Krishnan

Anandhu Krishnan

Split ViewState Configuration

Split ViewState Configuration

Anandhu Krishnan

Anandhu Krishnan

Session ID Leakage via Referer Header

Session ID Leakage via Referer Header

Anandhu Krishnan

Anandhu Krishnan

Session ID in URL Parameters

Session ID in URL Parameters

Anandhu Krishnan

Anandhu Krishnan

Sensitive Data in URL

Sensitive Data in URL

Anandhu Krishnan

Anandhu Krishnan

Proxy Information Disclosure

Proxy Information Disclosure

Anandhu Krishnan

Anandhu Krishnan

Private IP Disclosure

Private IP Disclosure

Anandhu Krishnan

Anandhu Krishnan

Potential Username Enumeration

Potential Username Enumeration

Anandhu Krishnan

Anandhu Krishnan

PHP Source Code Exposure

PHP Source Code Exposure

Anandhu Krishnan

Anandhu Krishnan

Path Traversal Vulnerability

Path Traversal Vulnerability

Anandhu Krishnan

Anandhu Krishnan

Parameter Pollution Attack

Parameter Pollution Attack

Anandhu Krishnan

Anandhu Krishnan

Cacheable and Storable Content

Cacheable and Storable Content

Anandhu Krishnan

Anandhu Krishnan

Non-Cachable Content

Non-Cachable Content

Anandhu Krishnan

Anandhu Krishnan

Multiple Redirects Detected (Potential Info Leak)

Multiple Redirects Detected (Potential Info Leak)

Anandhu Krishnan

Anandhu Krishnan

Missing Subresource Integrity (SRI) Attribute

Missing Subresource Integrity (SRI) Attribute

Anandhu Krishnan

Anandhu Krishnan

Loose Cookie Security Detection

Loose Cookie Security Detection

Anandhu Krishnan

Anandhu Krishnan

JSON Web Token (JWT) Vulnerability

JSON Web Token (JWT) Vulnerability

Anandhu Krishnan

Anandhu Krishnan

Java Deserialization Vulnerability

Java Deserialization Vulnerability

Anandhu Krishnan

Anandhu Krishnan

IP Addresses in ViewState

IP Addresses in ViewState

Anandhu Krishnan

Anandhu Krishnan

Integer Overflow Vulnerability

Integer Overflow Vulnerability

Anandhu Krishnan

Anandhu Krishnan

Insecurely Scoped Cookie

Insecurely Scoped Cookie

Anandhu Krishnan

Anandhu Krishnan

Insecure JavaServer Faces ViewState

Insecure JavaServer Faces ViewState

Anandhu Krishnan

Anandhu Krishnan

Insecure HTTPS to HTTP Form Transition

Insecure HTTPS to HTTP Form Transition

Anandhu Krishnan

Anandhu Krishnan

Insecure HTTP to HTTPS Form Transition

Insecure HTTP to HTTPS Form Transition

Anandhu Krishnan

Anandhu Krishnan

Insecure Authentication Method

Insecure Authentication Method

Anandhu Krishnan

Anandhu Krishnan

Information Leak in Page Banner

Information Leak in Page Banner

Anandhu Krishnan

Anandhu Krishnan

Improper Cache-Control Configuration

Improper Cache-Control Configuration

Anandhu Krishnan

Anandhu Krishnan

HTTPS Content Accessible via HTTP

HTTPS Content Accessible via HTTP

Anandhu Krishnan

Anandhu Krishnan

HTTP Parameter Manipulation

HTTP Parameter Manipulation

Anandhu Krishnan

Anandhu Krishnan

HTTP Only Website

HTTP Only Website

Anandhu Krishnan

Anandhu Krishnan

.htaccess File Disclosure

.htaccess File Disclosure

Anandhu Krishnan

Anandhu Krishnan

Hidden File Exposure

Hidden File Exposure

Anandhu Krishnan

Anandhu Krishnan

Full Path Disclosure

Full Path Disclosure

Anandhu Krishnan

Anandhu Krishnan

Excessive Redirects Causing Sensitive Data Leakage

Excessive Redirects Causing Sensitive Data Leakage

Anandhu Krishnan

Anandhu Krishnan

.env File Disclosure

.env File Disclosure

Anandhu Krishnan

Anandhu Krishnan

Email Disclosure via WebSocket

Email Disclosure via WebSocket

Anandhu Krishnan

Anandhu Krishnan

Email Addresses in ViewState

Email Addresses in ViewState

Anandhu Krishnan

Anandhu Krishnan

ELMAH Log Disclosure

ELMAH Log Disclosure

Anandhu Krishnan

Anandhu Krishnan

Deprecated ASP.NET Version

Deprecated ASP.NET Version

Anandhu Krishnan

Anandhu Krishnan

CSRF Token Missing

CSRF Token Missing

Anandhu Krishnan

Anandhu Krishnan

Cross-Origin-Opener-Policy Misconfiguration

Cross-Origin-Opener-Policy Misconfiguration

Anandhu Krishnan

Anandhu Krishnan

Cross-Domain Security Misconfiguration

Cross-Domain Security Misconfiguration

Anandhu Krishnan

Anandhu Krishnan

CRLF Injection Attack

CRLF Injection Attack

Anandhu Krishnan

Anandhu Krishnan

Cookie Poisoning

Cookie Poisoning

Anandhu Krishnan

Anandhu Krishnan

ChromeLogger Data Leak

ChromeLogger Data Leak

Anandhu Krishnan

Anandhu Krishnan

Charset Manipulation Vulnerability

Charset Manipulation Vulnerability

Anandhu Krishnan

Anandhu Krishnan

Character Set Mismatch

Character Set Mismatch

Anandhu Krishnan

Anandhu Krishnan

Cached Data Retrieved

Cached Data Retrieved

Anandhu Krishnan

Anandhu Krishnan

Buffer Overflow Vulnerability

Buffer Overflow Vulnerability

Anandhu Krishnan

Anandhu Krishnan

Base64 Encoded Data Leak in WebSocket

Base64 Encoded Data Leak in WebSocket

Anandhu Krishnan

Anandhu Krishnan

Base64 Encoded Data Exposure

Base64 Encoded Data Exposure

Anandhu Krishnan

Anandhu Krishnan

Backup File Exposure

Backup File Exposure

Anandhu Krishnan

Anandhu Krishnan

ASP.NET ViewState Exposure

ASP.NET ViewState Exposure

Anandhu Krishnan

Anandhu Krishnan

Apache Range Header Denial of Service

Apache Range Header Denial of Service

Anandhu Krishnan

Anandhu Krishnan

403 Forbidden Bypass

403 Forbidden Bypass

Anandhu Krishnan

Anandhu Krishnan

XXE Vulnerability

XXE Vulnerability

Anandhu Krishnan

Anandhu Krishnan

XPath Injection Attack

XPath Injection Attack

Anandhu Krishnan

Anandhu Krishnan

ASP Code Injection

ASP Code Injection

Anandhu Krishnan

Anandhu Krishnan

Advanced SQL Injection Vulnerability

Advanced SQL Injection Vulnerability

Anandhu Krishnan

Anandhu Krishnan

Apache Commons Text Vulnerability (Text4shell)

Apache Commons Text Vulnerability (Text4shell)

Anandhu Krishnan

Anandhu Krishnan

SSRF Vulnerability

SSRF Vulnerability

Anandhu Krishnan

Anandhu Krishnan

Spring Framework Vulnerability (Spring4Shell)

Spring Framework Vulnerability (Spring4Shell)

Anandhu Krishnan

Anandhu Krishnan

Log4j Vulnerability (CVE-2021-45046)

Log4j Vulnerability (CVE-2021-45046)

Anandhu Krishnan

Anandhu Krishnan

Log4j Vulnerability (CVE-2021-44228)

Log4j Vulnerability (CVE-2021-44228)

Anandhu Krishnan

Anandhu Krishnan

NoSQL Injection (MongoDB)

NoSQL Injection (MongoDB)

Anandhu Krishnan

Anandhu Krishnan

OOB XSS Vulnerability

OOB XSS Vulnerability

Anandhu Krishnan

Anandhu Krishnan

DOM-Based XSS Vulnerability

DOM-Based XSS Vulnerability

Anandhu Krishnan

Anandhu Krishnan

SQL Injection (PostgreSQL)

SQL Injection (PostgreSQL)

Anandhu Krishnan

Anandhu Krishnan

SQL Injection (Oracle)

SQL Injection (Oracle)

Anandhu Krishnan

Anandhu Krishnan

SQL Injection (Hypersonic SQL)

SQL Injection (Hypersonic SQL)

Anandhu Krishnan

Anandhu Krishnan

Remote Code Execution (CVE-2012-1823)

Remote Code Execution (CVE-2012-1823)

Anandhu Krishnan

Anandhu Krishnan

LDAP Injection Attack

LDAP Injection Attack

Anandhu Krishnan

Anandhu Krishnan

Cross Site Scripting (Persistent)

Cross Site Scripting (Persistent)

Anandhu Krishnan

Anandhu Krishnan

Server-Side Include Vulnerability

Server-Side Include Vulnerability

Anandhu Krishnan

Anandhu Krishnan

Source Code Exposure (CVE-2012-1823)

Source Code Exposure (CVE-2012-1823)

Anandhu Krishnan

Anandhu Krishnan

Silverlight Cross-Domain Misconfiguration

Silverlight Cross-Domain Misconfiguration

Anandhu Krishnan

Anandhu Krishnan

Adobe Cross-Domain Send Misconfiguration

Adobe Cross-Domain Send Misconfiguration

Anandhu Krishnan

Anandhu Krishnan

Adobe Cross-Domain Read Misconfiguration

Adobe Cross-Domain Read Misconfiguration

Anandhu Krishnan

Anandhu Krishnan

Heartbleed Vulnerability

Heartbleed Vulnerability

Anandhu Krishnan

Anandhu Krishnan

Httpoxy - Unsafe Proxy Header Usage

Httpoxy - Unsafe Proxy Header Usage

Anandhu Krishnan

Anandhu Krishnan

Personally Identifiable Information Disclosure

Personally Identifiable Information Disclosure

Anandhu Krishnan

Anandhu Krishnan

ASP.NET ViewState Integrity Check

ASP.NET ViewState Integrity Check

Anandhu Krishnan

Anandhu Krishnan

Improper Access Control

Improper Access Control

Anandhu Krishnan

Anandhu Krishnan

Shellshock Remote Code Execution

Shellshock Remote Code Execution

Anandhu Krishnan

Anandhu Krishnan

Properties File Exposure in /WEB-INF

Properties File Exposure in /WEB-INF

Anandhu Krishnan

Anandhu Krishnan

Potential Heartbleed Vulnerability

Potential Heartbleed Vulnerability

Anandhu Krishnan

Anandhu Krishnan

Unsecured ViewState (Confirmed MAC Signature Absence)

Unsecured ViewState (Confirmed MAC Signature Absence)

Anandhu Krishnan

Anandhu Krishnan

Unsecured ViewState (Possible MAC Signature Absence)

Unsecured ViewState (Possible MAC Signature Absence)

Anandhu Krishnan

Anandhu Krishnan

Anandhu Krishnan

Anandhu Krishnan

Source Code Exposure via File Inclusion

Source Code Exposure via File Inclusion

Anandhu Krishnan

Anandhu Krishnan

Git Repository Exposure

Git Repository Exposure

Anandhu Krishnan

Anandhu Krishnan

Directory Indexing

Directory Indexing

Anandhu Krishnan

Anandhu Krishnan

Odoo 12.0 - Local File Inclusion

Odoo 12.0 - Local File Inclusion

Anandhu Krishnan

Anandhu Krishnan

Referrer-policy header cannot be recognized

Referrer-policy header cannot be recognized

Cyber Security Engineer

WordPress user enumeration

WordPress user enumeration

Co-founder, Director

X-frames options header cannot be recognized

X-frames options header cannot be recognized

Cyber Security Lead Engineer

Revealing phpinfo()

Revealing phpinfo()

Cyber Security Lead Engineer

ThinkCMF-LFI vulnerability

ThinkCMF-LFI vulnerability

Cyber Security Engineer

Captcha image detected

Captcha image detected

Cyber Security Lead Engineer

Apache Tomcat Remote Code Execution (RCE)

Apache Tomcat Remote Code Execution (RCE)

Cyber Security Engineer

Uncommon query string parameter

Uncommon query string parameter

Co-founder, Director

Unsecured HTTPS cookies

Unsecured HTTPS cookies

Co-founder, Director

Apache Struts 2 S2 –008 RCE1

Apache Struts 2 S2 –008 RCE1

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

X-XSS-protection header disabled

X-XSS-protection header disabled

Co-founder, Director

Browser exploit against SSL/TLS (BEAST attack)

Browser exploit against SSL/TLS (BEAST attack)

Cyber Security Engineer

Invalid certificate chain encountered during redirection

Invalid certificate chain encountered during redirection

Cyber Security Engineer

X-Frame options header not implemented

X-Frame options header not implemented

Co-founder, Director

Credit card number disclosure

Credit card number disclosure

Cyber Security Lead Engineer

Application error disclosure

Application error disclosure

Cyber Security Lead Engineer

Brute force in IIS

Brute force in IIS

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Common gateway interface vulnerability

Common gateway interface vulnerability

Cyber Security Lead Engineer

Bash command injection

Bash command injection

Cyber Security Lead Engineer

Potential web backdoor

Potential web backdoor

Cyber Security Engineer

Directory traversal attacks

Directory traversal attacks

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

XML external entity injection

XML external entity injection

Cyber Security Lead Engineer

SSL compression methods

SSL compression methods

Cyber Security Engineer

User information disclosure

User information disclosure

Cyber Security Engineer

Source code disclosure

Source code disclosure

Cyber Security Engineer

Remote OS Command injection

Remote OS Command injection

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Memcached Injection

Memcached Injection

Cyber Security Engineer

Lack of HTTP Strict Transport Security (HSTS)

Lack of HTTP Strict Transport Security (HSTS)

Cyber Security Engineer

Insecure RIA cross domain policy

Insecure RIA cross domain policy

Cyber Security Lead Engineer

Buffer overflow vulnerability

Buffer overflow vulnerability

Cyber Security Engineer

GraphQL attacks and vulnerabilities

GraphQL attacks and vulnerabilities

Cyber Security Engineer

Full path disclosure (FPD) vulnerability

Full path disclosure (FPD) vulnerability

Cyber Security Engineer

Logjam attack against the TLS protocol

Logjam attack against the TLS protocol

Cyber Security Engineer

Private IP address disclosure

Private IP address disclosure

Cyber Security Engineer

Disabling executable handling in PHP with disable_function

Disabling executable handling in PHP with disable_function

Cyber Security Engineer

Cross-site tracing (XST) vulnerability

Cross-site tracing (XST) vulnerability

Cyber Security Engineer

Email address disclosure

Email address disclosure

Cyber Security Engineer

The DROWN attack

The DROWN attack

Co-founder, Director

Remote file inclusion

Remote file inclusion

Cyber Security Engineer

Cyber Security Engineer

Virtual hosts vulnerability

Virtual hosts vulnerability

Cyber Security Engineer

What is HTTP Response Header Injection?

What is HTTP Response Header Injection?

Product Marketing Specialist

Insecure Redirection

Insecure Redirection

Product Marketing Specialist

What is Shellshock vulnerability?

What is Shellshock vulnerability?

Product Marketing Specialist

ROBOT Attack (Breitenbacher RSA)

ROBOT Attack (Breitenbacher RSA)

Nikhil Anilkumar

Nikhil Anilkumar

DevSecOps Engineer

Format String Vulnerability

Format String Vulnerability

Cyber Security Engineer

Clickjacking attack

Clickjacking attack

Cyber Security Engineer

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Cross Site Scripting

Cross Site Scripting

Co-founder, Director

External redirection

External redirection

Co-founder, Director

WordPress Plugin Reflected Cross Site Scripting

WordPress Plugin Reflected Cross Site Scripting

Cyber Security Engineer

Old Backup and Unreferenced files

Old Backup and Unreferenced files

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

WordPress arbitrary file upload and download

WordPress arbitrary file upload and download

Co-founder, Director

WordPress MediaElement Cross-Site Scripting

WordPress MediaElement Cross-Site Scripting

Cyber Security Engineer

WordPress Default localhost vulnerability

WordPress Default localhost vulnerability

Cyber Security Engineer

WordPress Authenticated JavaScript File Upload

WordPress Authenticated JavaScript File Upload

Co-founder, Director

Insecure FrontPage extension configuration

Insecure FrontPage extension configuration

Co-founder, Director

Server-Side Includes (SSI) Injection

Server-Side Includes (SSI) Injection

Cyber Security Lead Engineer

Information leakage using meta tag

Information leakage using meta tag

Cyber Security Engineer

Cross-site request forgery attack

Cross-site request forgery attack

Co-founder, Director

HTTP Strict Transport Security (HSTS) header set to less than six months

HTTP Strict Transport Security (HSTS) header set to less than six m...

Cyber Security Engineer

X-XSS-Protection header invalid

X-XSS-Protection

X-XSS-Protection header invalid

Co-founder, Director

Renegotiation allowing to insert data into HTTPS sessions

Renegotiation allowing to insert data into HTTPS sessions

Co-founder, Director

Lucky Thirteen attack against implementations of the Transport Layer Security

Lucky Thirteen attack against implementations of the Transport Laye...

Cyber Security Engineer

HTTP Strict Transport Security (HSTS) header on the invalid certificate chain

HTTP Strict Transport Security (HSTS) header on the invalid certifi...

Co-founder, Director

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Cross-Origin Resource Sharing implemented with universal access

Cross-Origin Resource Sharing implemented with universal access

Co-founder, Director

Content Security Policy implemented with unsafe inline

Content Security Policy

Content Security Policy implemented with unsafe inline

Co-founder, Director

Content Security Policy (CSP) implemented with unsafe-eval

Content Security Policy (CSP) implemented with unsafe-eval

Co-founder, Director

Content Security Policy (CSP) implemented with insecure scheme

Content Security Policy

Content Security Policy (CSP) implemented with insecure scheme

Cyber Security Lead Engineer

Content Security Policy (CSP) header cannot be parsed successfully

Content Security Policy

Content Security Policy (CSP) header cannot be parsed successfully

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Content Security Policy (CSP) implemented with the insecure scheme in passive content only

Content Security Policy (CSP) implemented with the insecure scheme ...

Cyber Security Engineer

Redirection from HTTP to HTTPS to a different host preventing HSTS

Client Side URL Redirect

Redirection from HTTP to HTTPS to a different host preventing HSTS

Cyber Security Lead Engineer

Zoom Patches “Zero-Click” RCE Bug

Zoom Patches “Zero-Click” RCE Bug

Content Specialist

WordPress Multiple Themes Privilege Escalation

WordPress Multiple Themes Privilege Escalation

Cyber Security Engineer

X-Content-Type-Options header not implemented

X-Content-Type-Options header not implemented

Cyber Security Engineer

X-Content-Type-Options header cannot be recognized

X-Content-Type-Options header cannot be recognized

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

SQL injection(SQLi)

SQL injection(SQLi)

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Symantec SSL/TLS check

Symantec SSL/TLS check

Cyber Security Lead Engineer

PHP session.use_trans_sid Session Hijacking

PHP session.use_trans_sid Session Hijacking

Co-founder, Director

PHP expose_php is on

PHP expose_php is on

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

PHP default_charset is none

PHP default_charset is none

Cyber Security Engineer

WordPress Slider Revolution Local File Disclosure

WordPress Slider Revolution Local File Disclosure

Cyber Security Engineer

WordPress Host header attack

WordPress Host header attack

Cyber Security Engineer

Website contains Mercurial metadata directory

Website contains Mercurial metadata directory

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Sub resource Integrity (SRI) not implemented but all external scripts are loaded securely

Sub resource Integrity (SRI) not implemented but all external scrip...

Cyber Security Engineer

Factoring RSA Export Keys (FREAK) Attack

Factoring RSA Export Keys (FREAK) Attack

Cyber Security Engineer

Fingerprinting Web Server

Fingerprinting Web Server

Co-founder, Director

Phpinfo() PHP Magic Quotes Gpc is On

Phpinfo() PHP Magic Quotes Gpc is On

Co-founder, Director

TLS Safari compatibility

TLS Safari compatibility

Cyber Security Engineer

TLS Internet Explorer compatibility

TLS Internet Explorer compatibility

Co-founder, Director

Server Certificate Validation Through OCSP Stapling

Server Certificate Validation Through OCSP Stapling

Cyber Security Engineer

Generic Map Nomatch

Generic Map Nomatch

Co-founder, Director

Common Backdoors

Common Backdoors

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

WordPress Improper handling of post metadata check

WordPress Improper handling of post metadata check

Co-founder, Director

Test For Checking CGI Force Redirect

Test For Checking CGI Force Redirect

Cyber Security Lead Engineer

Remote administrative access

Remote administrative access

Cyber Security Engineer

PwnKit (CVE-2021-4034): Linux system service bug

PwnKit (CVE-2021-4034): Linux system service bug

Content Specialist

Web Cache Deception

Web Cache Deception

Cyber Security Engineer

Zenphoto Installation Sensitive Information

Zenphoto Installation Sensitive Information

XSS in Fortigates SSL VPN login page

XSS in Fortigates SSL VPN login page

WSO2 Carbon Management Console - XSS

WSO2 Carbon Management Console - XSS

WebPort 1.19.1 - Reflected Cross-Site Scripting

WebPort 1.19.1 - Reflected Cross-Site Scripting

Weblogic SSRF in SearchPublicRegistries.jsp

Weblogic SSRF in SearchPublicRegistries.jsp

User enumeration via insecure Jira endpoint

User enumeration via insecure Jira endpoint

User enumeration via an incorrect authorisation in Jira

User enumeration via an incorrect authorisation in Jira

trixbox 2.8.0 - directory-traversal

trixbox 2.8.0 - directory-traversal

Triconsole 3.75 XSS

Triconsole 3.75 XSS

TileServer GL Reflected XSS

TileServer GL Reflected XSS

ThinkAdmin 6 - Arbitrarily File Read

ThinkAdmin 6 - Arbitrarily File Read

Splunk Sensitive Information Disclosure

Splunk Sensitive Information Disclosure

SonarQube unauth

SonarQube unauth

SolarWinds Database Performance Analyzer 11.1. 457 - Cross-Site Scripting

SolarWinds Database Performance Analyzer 11.1. 457 - Cross-Site Scr...

Sensitive data exposure via insecure Jira endpoint

Sensitive data exposure via insecure Jira endpoint

Rumpus FTP Web File Manager 8.2.9.1 XSS

Rumpus FTP Web File Manager 8.2.9.1 XSS

Rstudio Shiny Server Directory Traversal

Rstudio Shiny Server Directory Traversal

RockMongo V1.1.8 XSS

RockMongo V1.1.8 XSS

RocketChat Unauthenticated Email enumeration

RocketChat Unauthenticated Email enumeration

Revive Adserver XSS

Revive Adserver XSS

Redwood v4.3.4.5-v4.5.3 XSS

Redwood v4.3.4.5-v4.5.3 XSS

Query hashed password via QueryBuilder Servlet

Query hashed password via QueryBuilder Servlet

phpMyAdmin setup page

phpMyAdmin setup page

Palo Alto Networks Reflected XSS

Palo Alto Networks Reflected XSS

PacsOne Server XSS

PacsOne Server XSS

Oracle WebCenter Sites XSS

Oracle WebCenter Sites XSS

Oracle Content Server XSS

Oracle Content Server XSS

Open-School 3.0/Community Edition 2.3 - Cross Site Scripting

Open-School 3.0/Community Edition 2.3 - Cross Site Scripting

Open-redirect in Traefik

Open-redirect in Traefik

Open Redirect in EpiServer

Open Redirect in EpiServer

Nginx virtual host traffic status module XSS

Nginx virtual host traffic status module XSS

Next.js .next/ limited path traversal

Next.js .next/ limited path traversal

Neon Dashboard - XSS Reflected

Neon Dashboard - XSS Reflected

MySQL Dump Files

MySQL Dump Files

McAfee ePolicy Orchestrator Reflected XSS

McAfee ePolicy Orchestrator Reflected XSS

Cyber Security Engineer

Mara CMS 7.5 - Reflected Cross-Site Scripting

Mara CMS 7.5 - Reflected Cross-Site Scripting

Cyber Security Engineer

Magmi – Cross-Site Scripting v.0.7.22

Magmi – Cross-Site Scripting v.0.7.22

Anandhu Krishnan

Anandhu Krishnan

LinkedIn Oncall 1.4.0 XSS

LinkedIn Oncall 1.4.0 XSS

Anandhu Krishnan

Anandhu Krishnan

Laravel Debug Enabled

Laravel Debug Enabled

Lanproxy Directory Traversal

Lanproxy Directory Traversal

JIRA Unauthenticated Sensitive Information Disclosure

JIRA Unauthenticated Sensitive Information Disclosure

Jira Subversion ALM for enterprise XSS

Jira Subversion ALM for enterprise XSS

Cyber Security Engineer

Cyber Security Engineer

Jira - Reflected XSS using searchOwnerUserName parameter.

Jira - Reflected XSS using searchOwnerUserName parameter.

Cyber Security Engineer

JIRA Directory Traversal

JIRA Directory Traversal

Cyber Security Engineer

Jenzabar v9.20-v9.2.2 XSS

Jenzabar v9.20-v9.2.2 XSS

Anandhu Krishnan

Anandhu Krishnan

Jenkins Gitlab Hook XSS

Jenkins Gitlab Hook XSS

Anandhu Krishnan

Anandhu Krishnan

Jenkins build-metrics plugin 1.3 - label Cross-Site Scripting

Jenkins build-metrics plugin 1.3 - label Cross-Site Scripting

Anandhu Krishnan

Anandhu Krishnan

Jenkin Audit Trail Plugin XSS

Jenkin Audit Trail Plugin XSS

Anandhu Krishnan

Anandhu Krishnan

IceWarp WebMail XSS

IceWarp WebMail XSS

Anandhu Krishnan

Anandhu Krishnan

IceWarp WebMail Reflected XSS

IceWarp WebMail Reflected XSS

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

HA Proxy Statistics

HA Proxy Statistics

Cyber Security Engineer

Grafana unauthenticated API

Grafana unauthenticated API

Cyber Security Lead Engineer

Full-read SSRF in Spring Cloud Netflix (Hystrix Dashboard)

Full-read SSRF in Spring Cloud Netflix (Hystrix Dashboard)

Anandhu Krishnan

Anandhu Krishnan

FortiWeb Unauthenticated XSSFortiWeb Unauthenticated XSS

FortiWeb Unauthenticated XSSFortiWeb Unauthenticated XSS

Fortinet FortiOS Cross-Site Scripting

Fortinet FortiOS Cross-Site Scripting

Cyber Security Lead Engineer

File Content Disclosure on Rails

File Content Disclosure on Rails

Co-founder, Director

Cyber Security Engineer

Eclipse Jetty Remote Leakage

Eclipse Jetty Remote Leakage

Cyber Security Engineer

DLINK DSL 2888a RCE

DLINK DSL 2888a RCE

Cyber Security Engineer

Django Debug Method Enabled

Django Debug Method Enabled

Cyber Security Engineer

Directory traversal in Cisco ASA & Cisco Firepower

Directory traversal in Cisco ASA & Cisco Firepower

Cyber Security Engineer

DedeCMS 5.7 path disclosure

DedeCMS 5.7 path disclosure

Cyber Security Engineer

CRLF Injection - Sercomm VD625

CRLF Injection - Sercomm VD625

Cobub Razor 0.8.0 Physical path Leakage Vulnerability

Cobub Razor 0.8.0 Physical path Leakage Vulnerability

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Cisco ASA path traversal vulnerability

Cisco ASA path traversal vulnerability

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Bypassing Authentication on NETGEAR Routers

Bypassing Authentication on NETGEAR Routers

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Atlassian Jira WallboardServlet XSS

Atlassian Jira WallboardServlet XSS

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Atlassian Confluence Status-List XSS

Atlassian Confluence Status-List XSS

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Atlassian Confluence configuration files read

Atlassian Confluence configuration files read

Cyber Security Engineer

Aryanic HighMail (High CMS) XSS

Aryanic HighMail (High CMS) XSS

Cyber Security Engineer

AppServ Open Project 2.5.10 and earlier XSS

AppServ Open Project 2.5.10 and earlier XSS

Cyber Security Engineer

Apache Tomcat Open Redirect

Apache Tomcat Open Redirect

Cyber Security Engineer

Apache Tomcat JK Status Manager Access

Apache Tomcat JK Status Manager Access

Cyber Security Engineer

Apache Solr less than or equal 8.8.1 SSRF

Apache Solr less than or equal 8.8.1 SSRF

Co-founder, Director

Apache OFBiz XML-RPC Java Deserialization

Apache OFBiz XML-RPC Java Deserialization

Co-founder, Director

Apache OFBiz Reflected XSS

Apache OFBiz Reflected XSS

Cyber Security Engineer

Apache mod_proxy HTML Injection / Partial XSS

Apache mod_proxy HTML Injection / Partial XSS

Cyber Security Engineer

Apache Kylin Unauth

Apache Kylin Unauth

Cyber Security Engineer

Apache ActiveMQ XSS

Apache ActiveMQ XSS

AnchorCMS Error Log Exposure

AnchorCMS Error Log Exposure

AEM QueryBuilder Internal Path Read

AEM QueryBuilder Internal Path Read

Web Cache Poisoning

Web Cache Poisoning

Cross Site Scripting in Oracle Secure Global Desktop Administration Console

Cross Site Scripting in Oracle Secure Global Desktop Administration...

Webmin less than or equal to 1.920 Unauthenticated Remote Command Execution

Webmin less than or equal to 1.920 Unauthenticated Remote Command E...

Symfony Profiler information leakage

Symfony Profiler information leakage

Anandhu Krishnan

Anandhu Krishnan

SFTP credentials exposure

SFTP credentials exposure

Anandhu Krishnan

Anandhu Krishnan

Ruijie Smartweb Management System Password Information Disclosure

Ruijie Smartweb Management System Password Information Disclosure

Cyber Security Engineer

Rails Debug Mode Enabled

Rails Debug Mode Enabled

Cyber Security Engineer

Rails Asset Pipeline Directory Traversal Vulnerability

Rails Asset Pipeline Directory Traversal Vulnerability

Cyber Security Engineer

Nuxeo Authentication Bypass Remote Code Execution

Nuxeo Authentication Bypass Remote Code Execution

Cyber Security Engineer

Nginx off-by-slash exposes Git config

Nginx off-by-slash exposes Git config

Cyber Security Engineer

Magento Config Disclosure

Magento Config Disclosure

Cyber Security Engineer

Laravel Telescope Disclosure

Laravel Telescope Disclosure

Cyber Security Engineer

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Jnoj Directory Traversal for file reading(LFI)

Jnoj Directory Traversal for file reading(LFI)

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Exposed SVN Directory

Exposed SVN Directory

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

elmah.axd Disclosure

elmah.axd Disclosure

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

docker-compose.yml exposure

docker-compose.yml exposure

Cyber Security Engineer

Apache mod_perl Status Page Exposure

Apache mod_perl Status Page Exposure

Cyber Security Lead Engineer

Apache Airflow Configuration Exposure

Apache Airflow Configuration Exposure

Co-founder, Director

Ansible Configuration Exposure

Ansible Configuration Exposure

Co-founder, Director

ACME mini_httpd arbitrary file read

ACME mini_httpd arbitrary file read

Cyber Security Engineer

Timesheet 1.5.3 - Cross Site Scripting

Timesheet 1.5.3 - Cross Site Scripting

Log4j Vulnerability

Log4j Vulnerability

Content Specialist

ZZZCMS 1.6.1 RCE

ZZZCMS 1.6.1 RCE

Cyber Security Engineer

Yachtcontrol Web application 1.0 - Unauthenticated RCE

Yachtcontrol Web application 1.0 - Unauthenticated RCE

XdCMS SQL Injection

XdCMS SQL Injection

Anandhu Krishnan

Anandhu Krishnan

worksites takeover detection

worksites takeover detection

Cyber Security Engineer

Webflow Takeover Detection

Webflow Takeover Detection

Cyber Security Engineer

Wavemaker Studio 6.6 LFI/SSRF

Wavemaker Studio 6.6 LFI/SSRF

Cyber Security Engineer

VMware vCenter Unauthenticated Arbitrary File Read

VMware vCenter Unauthenticated Arbitrary File Read

Cyber Security Engineer

Vmware Vcenter LFI for Linux appliances

Vmware Vcenter LFI for Linux appliances

Cyber Security Engineer

Vehicle Parking Management System 1.0 - Authentication Bypass

Vehicle Parking Management System 1.0 - Authentication Bypass

Unauthenticated Jenkin Dashboard

Unauthenticated Jenkin Dashboard

Unauthenticated Cisco Small Business WAN VPN Routers Sensitive Info Disclosure

Unauthenticated Cisco Small Business WAN VPN Routers Sensitive Info...

Twig PHP less than 2.4.4 template engine - SSTI

Twig PHP less than 2.4.4 template engine - SSTI

Tpshop Directory Traversal

Tpshop Directory Traversal

Totaljs - Unauthenticated Directory Traversal

Totaljs - Unauthenticated Directory Traversal

Symfony Debug Mode

Symfony Debug Mode

Cyber Security Engineer

Symfony Database Configuration Exposure

Symfony Database Configuration Exposure

Cyber Security Engineer

Subrion CMS SQL Injection

Subrion CMS SQL Injection

Cyber Security Lead Engineer

Strikingly Takeover Detection

Strikingly Takeover Detection

Cyber Security Lead Engineer

Spring Boot Actuators (Jolokia) XXE

Spring Boot Actuators (Jolokia) XXE

Co-founder, Director

Smugmug Takeover Detection

Smugmug Takeover Detection

Co-founder, Director

simplebooklet takeover detection

simplebooklet takeover detection

Cyber Security Engineer

Ruijie Networks Switch eWeb S29_RGOS 11.4 LFI

Ruijie Networks Switch eWeb S29_RGOS 11.4 LFI

Cyber Security Engineer

Ruijie Information Disclosure

Ruijie Information Disclosure

Anandhu Krishnan

Anandhu Krishnan

rConfig 3.9.5 - Remote Code Execution

rConfig 3.9.5 - Remote Code Execution

Rack-Mini-Profiler Environment Information Disclosure

Rack-Mini-Profiler Environment Information Disclosure

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

PUT Method Enabled

PUT Method Enabled

Cyber Security Engineer

Pulse Connect Secure SSL VPN arbitrary file read vulnerability

Pulse Connect Secure SSL VPN arbitrary file read vulnerability

Cyber Security Lead Engineer

Proposify Takeover Detection

Proposify Takeover Detection

Cyber Security Lead Engineer

Cyber Security Engineer

PMB 5.6 - 'chemin' Local File Disclosure

PMB 5.6 - 'chemin' Local File Disclosure

Cyber Security Engineer

PhpMyAdmin Scripts/setup.php Deserialization Vulnerability

PhpMyAdmin Scripts/setup.php Deserialization Vulnerability

PDF Signer 3.0 - SSTI to RCE via CSRF Cookie Vulnerability

PDF Signer 3.0 - SSTI to RCE via CSRF Cookie Vulnerability

Anandhu Krishnan

Anandhu Krishnan

oday RCE in vBulletin v5.0.0-v5.5.4 fix bypass

oday RCE in vBulletin v5.0.0-v5.5.4 fix bypass

Anandhu Krishnan

Anandhu Krishnan

NUUO NVRmini 2 3.0.8 Local File Disclosure

NUUO NVRmini 2 3.0.8 Local File Disclosure

Node.js Systeminformation Command Injection

Node.js Systeminformation Command Injection

Node.js 8.5.0 gater than equal and less than 8.6.0 Directory Traversal

Node.js 8.5.0 gater than equal and less than 8.6.0 Directory Traversal

Co-founder, Director

Nextjs v2.4.1 LFI

Nextjs v2.4.1 LFI

Co-founder, Director

Netrc Config File

Netrc Config File

Co-founder, Director

Moodle filter_jmol - LFI

Moodle filter_jmol - LFI

Cyber Security Engineer

Modern Events Calendar Lite less than 5.16.5 - Unauthenticated Events Export

Modern Events Calendar Lite less than 5.16.5 - Unauthenticated Even...

Cyber Security Engineer

MicroStrategy tinyurl - BSSRF

MicroStrategy tinyurl - BSSRF

Cyber Security Engineer

MetInfo 6.0.0/6.1.0 LFI

MetInfo 6.0.0/6.1.0 LFI

Cyber Security Engineer

McAfee ePolicy Orchestrator RCE

McAfee ePolicy Orchestrator RCE

Anandhu Krishnan

Anandhu Krishnan

Majordomo2 - SMTP/HTTP Directory Traversal

Majordomo2 - SMTP/HTTP Directory Traversal

Anandhu Krishnan

Anandhu Krishnan

Laravel log file publicly accessible

Laravel log file publicly accessible

Joomla SQL Injection

Joomla SQL Injection

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Joomla Core SQL Injection

Joomla Core SQL Injection

Cyber Security Engineer

Jira IconURIServlet SSRF

Jira IconURIServlet SSRF

Cyber Security Lead Engineer

Jellyfin prior to 10.7.0 Unauthenticated Arbitrary File Read

Jellyfin prior to 10.7.0 Unauthenticated Arbitrary File Read

Co-founder, Director

Intercom Takeover Detection

Intercom Takeover Detection

Co-founder, Director

IceWarp Less Than 10.4.4 - Local File Inclusion

IceWarp Less Than 10.4.4 - Local File Inclusion

Cyber Security Engineer

Hikvision Authentication Bypass

Hikvision Authentication Bypass

Cyber Security Engineer

Helpscout Takeover Detection

Helpscout Takeover Detection

Cyber Security Engineer

Hatenablog takeover detection

Hatenablog takeover detection

Getresponse Takeover Detection

Getresponse Takeover Detection

Cyber Security Engineer

Geddy before v13.0.8 LFI

Geddy before v13.0.8 LFI

Anandhu Krishnan

Anandhu Krishnan

Feifeicms Local File Read

Feifeicms Local File Read

Etouch v2 SQL Injection

Etouch v2 SQL Injection

Anandhu Krishnan

Anandhu Krishnan

etcd Unauthenticated HTTP API Leak

etcd Unauthenticated HTTP API Leak

Cyber Security Engineer

Elasticsearch Head plugin LFI

Elasticsearch Head plugin LFI

Cyber Security Engineer

EEA Information Disclosure

EEA Information Disclosure

Co-founder, Director

DuomiCMS SQL Injection

DuomiCMS SQL Injection

Co-founder, Director

Druid Monitor Unauthorized Access

Druid Monitor Unauthorized Access

Cyber Security Lead Engineer

Directory traversal vulnerability in SAP NetWeaver Application Server Java 7.5

Directory traversal vulnerability in SAP NetWeaver Application Serv...

Cyber Security Lead Engineer

Detect Springboot Env Actuator

Detect Springboot Env Actuator

Cyber Security Engineer

Deltek Maconomy 2.2.5 LFI

Deltek Maconomy 2.2.5 LFI

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

D-Link Arbitrary File Read

D-Link Arbitrary File Read

Cyber Security Engineer

Coremail Config Disclosure

Coremail Config Disclosure

Cyber Security Engineer

CMSimple 3.1 - Local File Inclusion

CMSimple 3.1 - Local File Inclusion

Clockwork PHP Page Exposure

Clockwork PHP Page Exposure

Citrix ADC Directory Traversal

Citrix ADC Directory Traversal

Cargo Takeover Detection

Cargo Takeover Detection

Campaignmonitor Takeover Detection

Campaignmonitor Takeover Detection

Bullwark Momentum Series JAWS 1.0 - Directory Traversal

Bullwark Momentum Series JAWS 1.0 - Directory Traversal

Anandhu Krishnan

Anandhu Krishnan

Bigcartel Takeover Detection

Bigcartel Takeover Detection

Cyber Security Engineer

atlassian confluence path traversal

atlassian confluence path traversal

Cyber Security Engineer

Apache Struts RCE

Apache Struts RCE

Co-founder, Director

Apache Solr gater than 8.8.1 Arbitrary File Read

Apache Solr gater than 8.8.1 Arbitrary File Read

Co-founder, Director

Apache CouchDB Remote Privilege Escalation

Apache CouchDB Remote Privilege Escalation

Cyber Security Engineer

Apache Arbitrary File Upload

Apache Arbitrary File Upload

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Apache S2-032 Struts RCE

Apache S2-032 Struts RCE

Cyber Security Lead Engineer

Anima Takeover Detection

Anima Takeover Detection

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Agilecrm Takeover Detection

Agilecrm Takeover Detection

Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI

Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI

Oracle Business Intelligence Path Traversal

Oracle Business Intelligence Path Traversal

74cms Sql Injection

74cms Sql Injection

Cyber Security Engineer

Anandhu Krishnan

Anandhu Krishnan

VBulletin Pre-Auth RCE

VBulletin Pre-Auth RCE

Anandhu Krishnan

Anandhu Krishnan

FuelCMS 1.4.1 - Remote Code Execution

FuelCMS 1.4.1 - Remote Code Execution

Unauthenticated RCE at Mida eFramework on ‘PDC/ajaxreq.php’

Unauthenticated RCE at Mida eFramework on ‘PDC/ajaxreq.php’

Cyber Security Engineer

Unauthenticated Oracle WebLogic Server RCE

Unauthenticated Oracle WebLogic Server RCE

Cyber Security Engineer

TerraMaster TOS v4.1.24 RCE

TerraMaster TOS v4.1.24 RCE

Co-founder, Director

Spring Data Commons Unauthenticated RCE

Spring Data Commons Unauthenticated RCE

Co-founder, Director

SaltStack Shell Injection

SaltStack Shell Injection

Cyber Security Lead Engineer

RCE in MobileIron Core & Connector

RCE in MobileIron Core & Connector

Cyber Security Engineer

PhpMyAdmin 4.8.1 Remote File Inclusion

PhpMyAdmin 4.8.1 Remote File Inclusion

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Oracle WebLogic Server Administration Console Handle RCE

Oracle WebLogic Server Administration Console Handle RCE

Anandhu Krishnan

Anandhu Krishnan

Netsweeper WebAdmin unixlogin.php Python Code Injection

Netsweeper WebAdmin unixlogin.php Python Code Injection

Microsoft SharePoint Server-Side Include (SSI) and ViewState RCE

Microsoft SharePoint Server-Side Include (SSI) and ViewState RCE

Micro Focus UCMDB RCE

Micro Focus UCMDB RCE

LinuxKI Toolset 6.01 Remote Command Execution

LinuxKI Toolset 6.01 Remote Command Execution

Anandhu Krishnan

Anandhu Krishnan

Liferay Portal Unauthenticated RCE

Liferay Portal Unauthenticated RCE

Anandhu Krishnan

Anandhu Krishnan

Inspur ClusterEngine V4.0 RCE

Inspur ClusterEngine V4.0 RCE

Anandhu Krishnan

Anandhu Krishnan

Emby Server SSRF

Emby Server SSRF

ElasticSearch v1.1.1/1.2 RCE

ElasticSearch v1.1.1/1.2 RCE

Drupal Drupalgeddon 2 RCE

Drupal Drupalgeddon 2 RCE

Co-founder, Director

Default Credentials of WMT Server

Default Credentials of WMT Server

Cyber Security Engineer

Create an Administrative User in SAP NetWeaver AS JAVA

Create an Administrative User in SAP NetWeaver AS JAVA

Cyber Security Engineer

Cockpit prior to 0.12.0 NoSQL injection in /auth/newpassword

Cockpit prior to 0.12.0 NoSQL injection in /auth/newpassword

Anandhu Krishnan

Anandhu Krishnan

Cockpit prior to 0.12.0 NoSQL injection in /auth/check

Cockpit prior to 0.12.0 NoSQL injection in /auth/check

Cockpit prior to 0.12.0 NoSQL injection in /auth/resetpassword

Cockpit prior to 0.12.0 NoSQL injection in /auth/resetpassword

Co-founder, Director

Artica Web Proxy 4.30 Authentication Bypass

Artica Web Proxy 4.30 Authentication Bypass

Cyber Security Engineer

Apache Struts2 S2-057 RCE

Apache Struts2 S2-057 RCE

Cyber Security Engineer

DrayTek pre-auth RCE

DrayTek pre-auth RCE

Anandhu Krishnan

Anandhu Krishnan

Apache Flink Upload Path Traversal

Apache Flink Upload Path Traversal

Alerta Authentication Bypass

Alerta Authentication Bypass

Cyber Security Engineer

Dell iDRAC7 and iDRAC8 Devices Code Injection/RCE

Dell iDRAC7 and iDRAC8 Devices Code Injection/RCE

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

VRealize Operations Manager API SSRF

VRealize Operations Manager API SSRF

Cyber Security Lead Engineer

Cyber Security Engineer

YouPHPTube Encoder RCE

YouPHPTube Encoder RCE

Cyber Security Engineer

Nostromo 1.9.6 - Remote Code Execution

Nostromo 1.9.6 - Remote Code Execution

Cyber Security Lead Engineer

EYou E-Mail system RCE

EYou E-Mail system RCE

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

EMerge E3 1.00-06 - Remote Code Execution

EMerge E3 1.00-06 - Remote Code Execution

Cyber Security Engineer

Apache tika 1.15-1.17 header command injection

Apache tika 1.15-1.17 header command injection

Co-founder, Director

Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution

Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution

Cyber Security Engineer

Zimbra Collaboration XXE

Zimbra Collaboration XXE

Cyber Security Engineer

Zeroshell 3.9.0 Remote Command Execution

Zeroshell 3.9.0 Remote Command Execution

Cyber Security Engineer

Zabbix Authentication Bypass

Zabbix Authentication Bypass

Cyber Security Engineer

WeiPHP 5.0 Path Traversal

WeiPHP 5.0 Path Traversal

Co-founder, Director

WebDAV 'ScStoragePathFromUrl' Remote Buffer Overflow

WebDAV 'ScStoragePathFromUrl' Remote Buffer Overflow

Co-founder, Director

VMware vCenter Unauthenticated RCE

VMware vCenter Unauthenticated RCE

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

VMware View Planner Unauthenticated RCE

VMware View Planner Unauthenticated RCE

Cyber Security Engineer

Unauthenticated Multiple D-Link Routers RCE

Unauthenticated Multiple D-Link Routers RCE

Cyber Security Engineer

Trend Micro Threat Discovery Appliance Auth Bypass via Directory Traversal

Trend Micro Threat Discovery Appliance Auth Bypass via Directory Tr...

Cyber Security Engineer

ThinkPHP 5.0.9 Information Disclosure

ThinkPHP 5.0.9 Information Disclosure

Cyber Security Lead Engineer

ThinkPHP 5.0.23 RCE

ThinkPHP 5.0.23 RCE

Co-founder, Director

ThinkPHP 5.0.22 RCE

ThinkPHP 5.0.22 RCE

Co-founder, Director

Spring Boot H2 Database RCE

Spring Boot H2 Database RCE

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Sonicwall SSL VPN ShellShock RCE

Sonicwall SSL VPN ShellShock RCE

Cyber Security Engineer

Simple Employee Records System 1.0 RCE

Simple Employee Records System 1.0 RCE

Cyber Security Engineer

Sangfor EDR 3.2.17R1/3.2.21 RCE

Sangfor EDR 3.2.17R1/3.2.21 RCE

Cyber Security Engineer

Samsung Wlan AP (WEA453e)RCE

Samsung Wlan AP (WEA453e)RCE

Co-founder, Director

SaltStack wheel async unauth access

SaltStack wheel async unauth access

Co-founder, Director

RocketChat Unauthenticated Read Access

RocketChat Unauthenticated Read Access

Cyber Security Lead Engineer

Qi anxin Netkang Next Generation Firewall RCE

Qi anxin Netkang Next Generation Firewall RCE

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Oracle Weblogic Server Unauthenticated RCE

Oracle Weblogic Server Unauthenticated RCE

Cyber Security Engineer

Oracle WebLogic RCE

Oracle WebLogic RCE

Cyber Security Engineer

Openfire Full Read SSRF

Openfire Full Read SSRF

Co-founder, Director

OA TongDa Path Traversal

OA TongDa Path Traversal

Co-founder, Director

LARAVEL less than or equal to V8.4.2 DEBUG MODE - REMOTE CODE EXECUTION

LARAVEL less than or equal to V8.4.2 DEBUG MODE - REMOTE CODE EXECU...

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Kibana Timelion Arbitrary Code Execution

Kibana Timelion Arbitrary Code Execution

Cyber Security Engineer

Kentico CMS Insecure Deserialization RCE

Kentico CMS Insecure Deserialization RCE

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Jenkins 2.138 Remote Command Execution

Jenkins 2.138 Remote Command Execution

Cyber Security Engineer

Horde Groupware Unauthenticated

Horde Groupware Unauthenticated

Cyber Security Lead Engineer

Harbor Enables Privilege Escalation From Zero to admin

Harbor Enables Privilege Escalation From Zero to admin

Cyber Security Lead Engineer

FortiLogger Unauthenticated Arbitrary File Upload

FortiLogger Unauthenticated Arbitrary File Upload

Cyber Security Engineer

F5 BIG-IP iControl REST unauthenticated RCE

F5 BIG-IP iControl REST unauthenticated RCE

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Exchange Server SSRF Vulnerability

Exchange Server SSRF Vulnerability

Cyber Security Engineer

ElasticSearch 1.4.0/1.4.2 RCE

ElasticSearch 1.4.0/1.4.2 RCE

Co-founder, Director

Drupal 8 core RESTful Web Services RCE

Drupal 8 core RESTful Web Services RCE

Co-founder, Director

Comodo Unified Threat Management Web Console 2.7.0 - RCE

Comodo Unified Threat Management Web Console 2.7.0 - RCE

Cyber Security Lead Engineer

Cisco IOS 12.2(55)SE11 Remote Code Execution

Cisco IOS 12.2(55)SE11 Remote Code Execution

Cyber Security Lead Engineer

Atlassian Jira template injection

Atlassian Jira template injection

Cyber Security Engineer

Atlassian Crowd & Crowd Data Center - Unauthenticated RCE

Atlassian Crowd & Crowd Data Center - Unauthenticated RCE

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Artifactory Access-Admin Login Bypass

Artifactory Access-Admin Login Bypass

Cyber Security Engineer

Apache Struts2 S2-053 RCE

Apache Struts2 S2-053 RCE

Co-founder, Director

Apache Struts2 S2-052 RCE

Apache Struts2 S2-052 RCE

Cyber Security Lead Engineer

Apache Struts2 S2-012 RCE

Apache Struts2 S2-012 RCE

Cyber Security Engineer

Apache Struts2 S2-001 RCE

Apache Struts2 S2-001 RCE

Cyber Security Engineer

Apache Struts2 RCE

Apache Struts2 RCE

Cyber Security Engineer

Apache Solr 8.3.0 - Remote Code Execution via Velocity Template

Apache Solr 8.3.0 - Remote Code Execution via Velocity Template

Co-founder, Director

Apache OFBiz RMI deserializes Arbitrary Code Execution

Apache OFBiz RMI deserializes Arbitrary Code Execution

Co-founder, Director

Apache Flink Unauth RCE

Apache Flink Unauth RCE

Cyber Security Lead Engineer

Apache Druid RCE

Apache Druid RCE

Cyber Security Lead Engineer

Aem Groovy console enabled

Aem Groovy console enabled

Cyber Security Engineer

ILO4 Authentication bypass

ILO4 Authentication bypass

Co-founder, Director

Klog Server Unauthenticated Command Injection

Klog Server Unauthenticated Command Injection

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Inspur ClusterEngine V4.0 RCE

Inspur ClusterEngine V4.0 RCE

Cyber Security Engineer

Oracle WebLogic Server Administration Console Handle RCE

Oracle WebLogic Server Administration Console Handle RCE

Cyber Security Engineer

Vulnerable Javascript Library

Vulnerable Javascript Library

Co-founder, Director

Htaccess Bypass

Htaccess Bypass

Cyber Security Lead Engineer

Insecure File Upload

Insecure File Upload

Co-founder, Director

SMBGhost Vulnerability (CVE-2020-0796)

SMBGhost Vulnerability (CVE-2020-0796)

Co-founder, Director

PHP-FPM Vulnerability (CVE-2019-11043) with NGINX

PHP-FPM Vulnerability (CVE-2019-11043) with NGINX

Co-founder, Director

DNS Zone Transfer Vulnerability

Information Leakage

DNS Zone Transfer Vulnerability

Cyber Security Engineer

WordPress Versions

WordPress Versions

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

WordPress Themes

WordPress Themes

Cyber Security Engineer

WordPress Plugin Vulnerabilities

WordPress Plugin Vulnerabilities

Cyber Security Engineer

Union Query SQL Injection (SQLi)

Union Query SQL Injection (SQLi)

Cyber Security Engineer

Transport Layer Security

Transport Layer Security

Co-founder, Director

The unseen Drupal

The unseen Drupal

Cyber Security Lead Engineer

TLS(Transport Layer Security) protocol version outdated

TLS(Transport Layer Security) protocol version outdated

Co-founder, Director

Stacked Queries SQL Injection (SQLi)

Stacked Queries SQL Injection (SQLi)

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

SSL(Secure Sockets Layer) protocol version outdated

SSL(Secure Sockets Layer) protocol version outdated

Cyber Security Engineer

SRI HTML not parsable

SRI HTML not parsable

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

PHP Config contain database IDs and passwords

PHP Config contain database IDs and passwords

Cyber Security Engineer

Inline Queries SQL Injection (SQLi)

Inline Queries SQL Injection (SQLi)

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Information leakage of the web application's directory or folder path

Information leakage of the web application's directory or folder path

Cyber Security Engineer

Error based SQL Injection (SQLi)

Error based SQL Injection (SQLi)

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Cookie session without 'Secure' flag

Cookies Attributes

Cookie session without 'Secure' flag

Co-founder, Director

Boolean based Blind SQL Injection (SQLi)

Boolean based Blind SQL Injection (SQLi)

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Phpinfo() Upload Max Filesize

Phpinfo() Upload Max Filesize

Cyber Security Engineer

Phpinfo() Open Base Directory Is Disabled

Phpinfo() Open Base Directory Is Disabled

Cyber Security Lead Engineer

Vignette Content Management Vulnerabilty

Vignette Content Management Vulnerabilty

Cyber Security Lead Engineer

Ultimate PHP Board Data Disclosure

Ultimate PHP Board Data Disclosure

Cyber Security Engineer

US Social Security Number disclosure

US Social Security Number disclosure

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Test for XML-RPC Interface

Test for XML-RPC Interface

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Test For Oracle Application Server

Test For Oracle Application Server

Cyber Security Engineer

Upload Temp Directory is Everyone

Upload Temp Directory is Everyone

Cyber Security Engineer

Test For Checking Session Cookie Httponly

Test For Checking Session Cookie Httponly

Cyber Security Engineer

Test For Checking Magic Quotes Gpc is On

Test For Checking Magic Quotes Gpc is On

Co-founder, Director

Test For Checking File Uploads

Test For Checking File Uploads

Co-founder, Director

TLS OpenSSL compatibility

TLS OpenSSL compatibility

Cyber Security Engineer

TLS Firefox compatibility

TLS Firefox compatibility

Co-founder, Director

TLS Edge compatibility

TLS Edge compatibility

Cyber Security Lead Engineer

TLS Chrome compatibility

TLS Chrome compatibility

Cyber Security Engineer

TLS Android compatibility

TLS Android compatibility

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Stored Cross Site Scripting

Stored Cross Site Scripting

Cyber Security Lead Engineer

Password Autocomplete in Browser

Password Autocomplete in Browser

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Parameter Tampering

Parameter Tampering

Cyber Security Engineer

PHP session.save_path Security Restriction Bypass

PHP session.save_path Security Restriction Bypass

Cyber Security Engineer

PHP session.hash_function is SHA

PHP session.hash_function is SHA

Cyber Security Lead Engineer

PHP session.hash_function is MD5

PHP session.hash_function is MD5

Co-founder, Director

PHP post_max_size show phpinfo()

PHP post_max_size show phpinfo()

Cyber Security Engineer

PHP code injection

PHP code injection

Co-founder, Director

PHP cURL Security Bypass

PHP cURL Security Bypass

Co-founder, Director

PHP allow_url_include is enabled

PHP allow_url_include is enabled

Cyber Security Lead Engineer

PHP allow_url_fopen is enabled

PHP allow_url_fopen is enabled

Cyber Security Engineer

PHP Higher Privilege execution

PHP Higher Privilege execution

Cyber Security Lead Engineer

Old TLS backward compatibility

Old TLS backward compatibility

Cyber Security Engineer

Missing Fallback Signaling Cipher Suite Value

Missing Fallback Signaling Cipher Suite Value

Cyber Security Lead Engineer

Microsoft Site Server Information Disclosure

Microsoft Site Server Information Disclosure

Cyber Security Engineer

Microsoft RDS Arbitrary Remote Command Execution

Microsoft RDS Arbitrary Remote Command Execution

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Meridian Integrated Personal Call Director Password Disclosure

Meridian Integrated Personal Call Director Password Disclosure

Cyber Security Engineer

Joomla common log files

Joomla common log files

Co-founder, Director

Joomla admin page

Joomla admin page

Co-founder, Director

Joomla User Registration Process

Joomla User Registration Process

Co-founder, Director

Joomla Debug Mode status

Joomla Debug Mode status

Co-founder, Director

Joomla Core vulnerability

Joomla Core vulnerability

Co-founder, Director

Intermediate TLS compatibility

Intermediate TLS compatibility

Co-founder, Director

Co-founder, Director

Dl PHP cgi.force_redirect disabled

Dl PHP cgi.force_redirect disabled

Co-founder, Director

Cross origin Resource Sharing Implemented With Public Access

Cross origin Resource Sharing Implemented With Public Access

Cyber Security Lead Engineer

Cross Origin Resource Sharing Not Implemented

Cross Origin Resource Sharing Not Implemented

Co-founder, Director

Cross Origin Resource Sharing Implemented With Restricted Access

Cross Origin Resource Sharing Implemented With Restricted Access

Co-founder, Director

Content Type Header Missing

Content Type Header Missing

Cyber Security Lead Engineer

Administration page exposure

Administration page exposure

Cyber Security Lead Engineer

Apache .htaccess LIMIT misconfiguration

Apache .htaccess LIMIT misconfiguration

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

WordPress Theme 'Elegant' Privilege Escalation

WordPress Theme 'Elegant' Privilege Escalation

Cyber Security Lead Engineer

WordPress Stored Cross-Site Scripting (XSS)

WordPress Stored Cross-Site Scripting (XSS)

Cyber Security Lead Engineer

WordPress SQL Injection

WordPress SQL Injection

Cyber Security Engineer

WordPress Directory Traversal Attack

WordPress Directory Traversal Attack

Cyber Security Engineer

WordPress Authentication Bypass

WordPress Authentication Bypass

Cyber Security Engineer

Unvalidated Document Object Model redirection

Unvalidated Document Object Model redirection

Cyber Security Engineer

Publicly Writable Directory

Publicly Writable Directory

Cyber Security Engineer

Origin Spoof Access Restriction Bypass

Origin Spoof Access Restriction Bypass

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Document Object Model Based Cross Site Scripting

Document Object Model Based Cross Site Scripting

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Common Administration Interfaces

Common Administration Interfaces

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Blind OS Command Injection Using Timing Attacks

Blind OS Command Injection Using Timing Attacks

Cyber Security Engineer

Wordpress Themes Email Spoofing

Wordpress Themes Email Spoofing

Cyber Security Engineer

WordPress unsafe redirect for login

WordPress unsafe redirect for login

Cyber Security Engineer

WordPress unpatched Denial Of Service (DoS)

WordPress unpatched Denial Of Service (DoS)

Cyber Security Engineer

WordPress WPDB SQL Injection

WordPress WPDB SQL Injection

Cyber Security Engineer

WordPress VideoJS plugins Cross-site Scripting (XSS)

WordPress VideoJS plugins Cross-site Scripting (XSS)

Cyber Security Engineer

WordPress Themes Information Disclosure

WordPress Themes Information Disclosure

Cyber Security Engineer

WordPress Slider Revolution Shell Upload

WordPress Slider Revolution Shell Upload

Cyber Security Engineer

$WordPress Refraction Theme Multiple Vulnerabilities$

WordPress Refraction Theme Multiple Vulnerabilities

Cyber Security Engineer

WordPress Reflected Cross-Site Scripting

WordPress Reflected Cross-Site Scripting

Cyber Security Engineer

WordPress RSS and Atom Feed Escaping

WordPress RSS and Atom Feed Escaping

Cyber Security Engineer

WordPress Plugin VideoJS and Cross Site Scripting

WordPress Plugin VideoJS and Cross Site Scripting

Cyber Security Engineer

WordPress Open Redirect

WordPress Open Redirect

Cyber Security Engineer

WordPress Large File Upload Error XSS

WordPress Large File Upload Error XSS

Cyber Security Engineer

WordPress Key Weak Hashing

WordPress Key Weak Hashing

Cyber Security Engineer

WordPress Insufficient redirect validation

WordPress Insufficient redirect validation

Cyber Security Engineer

WordPress HTML Language Attribute Escaping

WordPress HTML Language Attribute Escaping

Cyber Security Engineer

WordPress Filesystem Credentials Dialog CSRF

WordPress Filesystem Credentials Dialog CSRF

Cyber Security Engineer

WordPress Escape Version in Generator Tag

WordPress Escape Version in Generator Tag

Cyber Security Engineer

WordPress Directory traversal

Directory traversal

WordPress Directory traversal

Cyber Security Engineer

WordPress Cross-Site Scripting

WordPress Cross-Site Scripting

Co-founder, Director

Ghostcat Vulnerability (CVE-2020–1938)

Ghostcat Vulnerability (CVE-2020–1938)

Co-founder, Director

Document Object Model Cross Site Scripting on WordPress

Document Object Model Cross Site Scripting on WordPress

Co-founder, Director

Authentication Bypass and Stored Cross Site Scripting

Authentication Bypass and Stored Cross Site Scripting

Co-founder, Director

PhpMyExplorer Directory traversal

PhpMyExplorer Directory traversal

Cyber Security Lead Engineer

XPath Injection

XPath Injection

Co-founder, Director

WebDAV Detection

WebDAV Detection

Co-founder, Director

Unsafe preg_replace usage

Unsafe preg_replace usage

Co-founder, Director

Unhandled error in web application

Unhandled error in web application

Co-founder, Director

Rosetta flash vulnerability

Rosetta flash vulnerability

Cyber Security Lead Engineer

Reflected File Download vulnerability

Reflected File Download vulnerability

Cyber Security Lead Engineer

Potentially dangerous file

Potentially dangerous file

Cyber Security Lead Engineer

Phishing vector vulnerability found

Phishing vector vulnerability found

Cyber Security Engineer

PHP-Gastebuch Disclosing System Information

PHP-Gastebuch Disclosing System Information

Cyber Security Engineer

Cyber Security Engineer

Cyber Security Engineer

Local File Inclusion

Local File Inclusion

Cyber Security Engineer

Lightweight Directory Access Protocol (LDAP) injection

Lightweight Directory Access Protocol (LDAP) injection

Cyber Security Engineer

Lack of wildcard DNS entry found

Lack of wildcard DNS entry found

Cyber Security Engineer

Information sent using unencrypted channels

Information sent using unencrypted channels

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

HTTP Response Splitting Vulnerability

HTTP Response Splitting Vulnerability

Cyber Security Engineer

HTTP Method Vulnerability Found

HTTP Method Vulnerability Found

Co-founder, Director

Guessable credentials found

Guessable credentials found

Cyber Security Engineer

Database can be read without authentication

Database can be read without authentication

Cyber Security Engineer

Auto complete not disabled

Auto complete not disabled

Cyber Security Engineer

X-XSS-Protection Not Implemented

X-XSS-Protection

X-XSS-Protection Not Implemented

Cyber Security Engineer

Website contains SVN metadata directory

Website contains SVN metadata directory

Cyber Security Lead Engineer

Website contains Git metadata directory

Website contains Git metadata directory

Cyber Security Engineer

Tickets option leak uninitialised memory

Tickets option leak uninitialised memory

Cyber Security Engineer

Subresource Integrity (SRI) implemented, but external scripts are loaded over http

Subresource Integrity (SRI) implemented, but external scripts are l...

Cyber Security Lead Engineer

Subresource Integrity (SRI) is not implemented, and external scripts are not loaded securely

Subresource Integrity (SRI) is not implemented, and external script...

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Site did not return a status code of 200

Site did not return a status code of 200

Cyber Security Engineer

Session Cookie set without 'Secure' Flag but protected by HSTS

Cookies Attributes

Session Cookie set without 'Secure' Flag but protected by HSTS

Cyber Security Engineer

Co-founder, Director

Processing of Change Cipher Spec

Processing of Change Cipher Spec

Cyber Security Lead Engineer

Obtain plaintext by observing length differences

Obtain plaintext by observing length differences

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Logjam common primes

Logjam common primes

Cyber Security Engineer

Information leakage in EXIF data of images

Information Leakage

Information leakage in EXIF data of images

Co-founder, Director

Heartbleed vulnerability

Heartbleed vulnerability

Cyber Security Lead Engineer

HTTP Strict Transport Security (HSTS) header not implemented

HTTP Strict Transport Security (HSTS) header not implemented

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

HTTP Strict Transport Security header not available over HTTPS

HTTP Strict Transport Security header not available over HTTPS

Cyber Security Engineer

HTTP Strict Transport Security (HSTS) header cannot be recognised

HTTP Strict Transport Security (HSTS) header cannot be recognised

Cyber Security Engineer

HTTP Public Key Pinning (HPKP) header cannot be recognised

HTTP Public Key Pinning (HPKP) header cannot be recognised

Co-founder, Director

Fingerprinting Web Application Framework using HTTP headers

Fingerprinting Web Application Framework using HTTP headers

Cyber Security Engineer

Cross-Origin Resource Sharing XML cannot be parsed

Cross-Origin Resource Sharing XML cannot be parsed

Cyber Security Engineer

Cookies SameSite flag invalid

Cookies Attributes

Cookies SameSite flag invalid

Cyber Security Lead Engineer

Cookie without 'Secure' flag but protect by HSTS

Cookie without 'Secure' flag but protect by HSTS

Cyber Security Engineer

Cookie set without 'Secure' flag

Cookies Attributes

Cookie set without 'Secure' flag

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Cookie anti-CSRF flag without SameSite flag

Cookies Attributes

Cookie anti-CSRF flag without SameSite flag

Cyber Security Engineer

Content Security Policy (CSP) header not implemented

Content Security Policy

Content Security Policy (CSP) header not implemented

Cyber Security Engineer

Co-founder, Director

Time based Blind SQL Injection (SQLi)

Time Based Blind SQL Injection

Time based Blind SQL Injection (SQLi)

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

IBM DB Boolean based blind sql injection

IBM DB Boolean based blind sql injection

Cyber Security Lead Engineer

Cookie session without 'HttpOnly' flag

Cookies Attributes

Cookie session without 'HttpOnly' flag

Cyber Security Engineer

Referrer-Policy header unsafely

Referrer-Policy header unsafely

Cyber Security Engineer

Redirects to HTTPS eventually, but initial redirection is to another HTTP URL

Client Side URL Redirect

Redirects to HTTPS eventually, but initial redirection is to anothe...

Co-founder, Director

Redirects, but final destination is not an HTTPS URL

Client Side URL Redirect

Redirects, but final destination is not an HTTPS URL

Co-founder, Director

Does not redirect to a HTTPS site from HTTP port

Client Side URL Redirect

Does not redirect to a HTTPS site from HTTP port

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Experience the power of automated penetration testing & contextual reporting.