tag:blogger.com,1999:blog-1143969814964735268Wed, 30 May 2012 18:35:57 +0000drupalport scanfull path disclosuremod_securityzero day bugfree web security scannerKyplex blog is a blog of Kyplex ltd the creator or web security scanner and website antivirushttp://blog.kyplex.com/noreply@blogger.com (Kyplex Cloud Security Blog)Blogger10125tag:blogger.com,1999:blog-1143969814964735268.post-8157182509494620179Sat, 06 Aug 2011 19:24:00 +00002011-08-06T14:25:59.346-07:00Hello AllThis time I would like to cover security bug that I have seen today while doing some tests with our security scanner. We have added special signatures to our ZeroDayScan web security scanner to check for such bugs. In brief PHP has another method that can be used to perform SQL injections. This is not widely known bug for PHP community.PHP is very popular language used in a lot of http://blog.kyplex.com/2011/08/php-security-automatic-integer.htmlnoreply@blogger.com (Kyplex Cloud Security Blog)0tag:blogger.com,1999:blog-1143969814964735268.post-8866522855988789575Tue, 26 Jul 2011 07:09:00 +00002011-07-26T00:34:35.974-07:00One of our clients got hacked and we urged to help him to identify the security issue that the black hat hacker discovered to break into his website.This specific customer had some outdated software that allowed the users to upload arbitrary files. The fraudster used that script to upload PHP script on his website and got control over the website. After that, this PHP script downloaded IRC bot http://blog.kyplex.com/2011/07/casper-downloader-gets-shell-access.htmlnoreply@blogger.com (Kyplex Cloud Security Blog)0tag:blogger.com,1999:blog-1143969814964735268.post-7077173843581230923Thu, 31 Mar 2011 09:38:00 +00002011-03-31T03:11:36.367-07:00We are rebuilding one of our sites witch was used as a blog in the past. We decided to republish one of it's posts here.Sometimes, for the research we need to download massive amounts of content from password-protected websites. It can be done manually using Internet Explorer, though it becomes a problem when downloading large amounts of pages. Manually, it is a tedious task, which can be http://blog.kyplex.com/2011/03/curl-wget-password-protected-pages.htmlnoreply@blogger.com (Kyplex Cloud Security Blog)0tag:blogger.com,1999:blog-1143969814964735268.post-6611210303150747339Fri, 15 Oct 2010 13:02:00 +00002010-10-15T06:13:33.234-07:00Today I would like to tell you about a new and exciting feature that we have added to the scanner – Website Virus Detection. ZeroDay web security scanner now is able to identify malware urls in the scanned websites. Some of the ulrs, especially the ones crafted with iframe HTML tag, are opened in automatic way. So, if a user visits this page, his browser will be under attack. It happens because ahttp://blog.kyplex.com/2010/10/website-virus-detection.htmlnoreply@blogger.com (Kyplex Cloud Security Blog)0tag:blogger.com,1999:blog-1143969814964735268.post-8599193330056316003Sat, 03 Jul 2010 20:31:00 +00002010-07-28T13:25:19.642-07:00Hello AllWe are constantly adding new features to our scanner. This time we would like to discuss our new feature that is important for all ZeroDayScan users. Our new reports contain a number of connection errors printed in the report summary. For example take a look at the following print screen.This connection error number specifies number of cases when our web security scanner had a problem http://blog.kyplex.com/2010/07/number-of-connection-errors.htmlnoreply@blogger.com (Kyplex Cloud Security Blog)0tag:blogger.com,1999:blog-1143969814964735268.post-6155399359553890105Tue, 01 Jun 2010 19:29:00 +00002010-06-01T13:33:18.188-07:00We have great news for all our users.Our web security service was just reviewed by the leading KillerStartups.com blog covering the hottest start-ups over the internet.Here is a direct link to the review page: http://www.killerstartups.com/Web-App-Tools/zerodayscan-com-scan-how-secure-your-site-isVote for us and spread the world about our service!http://blog.kyplex.com/2010/06/great-review-by-killerstartupscom.htmlnoreply@blogger.com (Kyplex Cloud Security Blog)0tag:blogger.com,1999:blog-1143969814964735268.post-1757406678900635614Thu, 13 May 2010 20:27:00 +00002010-05-17T23:09:07.904-07:00mod_securityHello,Today, while digging into the security scanner's logs, I found a strange response returned from one of the servers. We got "406 Not Acceptable" response saying that "An appropriate representation of the requested resource /xxx/yyyyyy.php could not be found on this server."After some research, it turned out, that this error originated from the mod_security Apache module. This is a great toolhttp://blog.kyplex.com/2010/05/zerodayscan-scanner-and-apache.htmlnoreply@blogger.com (Kyplex Cloud Security Blog)0tag:blogger.com,1999:blog-1143969814964735268.post-3569592220486384265Mon, 26 Apr 2010 21:20:00 +00002010-05-15T02:46:13.245-07:00zero day bugfull path disclosuredrupalHello,This time, we would like to share with you a few bugs ZeroDayScan found in default Drupal installation (Drupal 6.16). Both of these bugs lead to full path directory disclosure in the default Drupal installation.Why it is important?Full path directory disclosure bugs allow the attacker to study the internal structure of your website. It is very helpful in case SQL injection is found on the http://blog.kyplex.com/2010/04/full-path-disclosure-bug-in-drupal-616.htmlnoreply@blogger.com (Kyplex Cloud Security Blog)6tag:blogger.com,1999:blog-1143969814964735268.post-6365012974856718840Tue, 20 Apr 2010 12:57:00 +00002010-05-15T02:27:03.400-07:00free web security scannerport scanHello everybody,We have some very good news for all of our users. As you should know, we are constantly working on adding new features to our web security scanner. Recently we added a new application feature that I would like to share with you. That is the port scanner as part of the free scanning service.So if you submit your website to our security scan, together with all the SQL Injections andhttp://blog.kyplex.com/2010/04/port-scan-feature-added.htmlnoreply@blogger.com (Kyplex Cloud Security Blog)0tag:blogger.com,1999:blog-1143969814964735268.post-9121236811807121739Mon, 19 Apr 2010 17:57:00 +00002010-05-15T02:25:01.527-07:00Hello All,Welcome to the zerodayscan blog. Here we are going to publish project news as well as interesting security findings.http://blog.kyplex.com/2010/04/this-is-first-post.htmlnoreply@blogger.com (Kyplex Cloud Security Blog)0