IRS & Equifax: A match made in heaven.

Original post date: Oct. 3, 2017
Updates: Oct. 4, 2017

Today like many others I was in complete shock to learn that the IRS had awarded a contract to Equifax, to “establish an order for third party data services from Equifax to verify taxpayer identity and to assist...

Online OSINT tools

I realized the other day when doing some OSINT research that I’ve collected quite the set of tools online. My bookmarks are getting a little out of hand, so for my own reference, I figured I’d dump them into a blog post so when I’m trying to remember...

CVE-2014-3117 OpenCart <= 4.3 Reflective XSS

Older versions of OpenCart < v5 had a reflective Cross Site Scripting Vulnerability. I requested this CVE, but never published it because I got busy with other work. So I thought better late than never 🙂

Discovery Date: 04/28/2014
Vendor Notified: 04/30/2014
CVE Assigned: 05/01/2014
Update Released: 06/01/2014...

formtoemail (free email form) – XSS

* Exploit Title: Reflective XSS
* Discovery Date: 02/09/2016
* Public Disclosure Date: 03/10/2016
* Exploit Author: CJ Chamberland
* Contact: @cjchamberland - http://cjchamberland.com
* Vendor Homepage: formtoemail.com
* Software Link: formtoemail.com (formtoemail.php free is available for download from this site)
* Version: 2.5
* Tested on: apache/mac os...

WordPress soaksoak.ru – swfobject.js hides a secret

Today I came across a nasty little booger. It’s added to the wp-includes/swfobject.js file and they used the wp-includes/tempate-loader.php to load it. I did notice from another message board that it has been around for at least a few weeks, but apparently people are just now discovering it...

Clickjacking and Frame breakout

I have had a few clients ask about their sites being framed to load on other sites without their permission and if there is anything they can do about it. Attackers sometimes do this in “Phishing” attempts. Visitors think they are going to the legitimate site, when in...

Joomla index.php redirects to lyblynoski.isa-geek.com

This was uncovered in several Joomla installs last week. Apparently the attackers install some “Fake” modules (in these cases it was mod_administrator, mod_msn, and mod_araticlhess that were discovered and removed). Not sure yet if they are related, but it appears they are; I just need to do more...

Zopim.com compromised – using social engineering

Yes, folks – people still get social engineered. Below is a copy of the email we received on December 11, 2013:

Your personal data may have been accessed

What happened?

A few hours ago, one of our support staff’s workstation was compromised through a social engineering attack. The...