Posts by author: Robin Peraglie

Joomla! 3.7.5 - Takeover in 20 Seconds with LDAP Injection

6 min read 20 Sep 2017 by Robin Peraglie
With over 84 million downloads, Joomla! is one of the most popular content management systems. Our code analysis solution RIPS detected a previously unknown LDAP injection vulnerability in the login controller. This one vulnerability could allow remote attackers to leak the super user password and to fully take over any Joomla! <= 3.7.5 installation that uses LDAP for authentication.

SugarCRM's Security Diet - Multiple Vulnerabilities

10 min read 14 Sep 2017 by Robin Peraglie
SugarCRM is one of the most popular customer relationship management solutions. RIPS uncovered critical security issues that could allow attackers to steal customer data or sensitive files from the server.

Why mail() is dangerous in PHP

8 min read 3 May 2017 by Robin Peraglie
Recently, many critical security vulnerabilities were fixed in popular PHP applications such as Roundcube, Wikimedia and Zend Framework that based on insecure usage of the PHP mail() function. In this post, we have a look at the common ground of these vulnerabilities and how to use mail() securely.

osClass 3.6.1: Remote Code Execution via Image File

10 min read 19 Dec 2016 by Robin Peraglie
In todays calendar gift, we present another beautiful chain of vulnerabilities which, in the end, allows an attacker to remotely execute arbitrary PHP code. This time, an attacker can smuggle his PHP payload through a valid image file. The issues were detected by RIPS in the open source marketplace software osClass 3.6.1 used for creating classifieds sites.

Redaxo 5.2.0: Remote Code Execution via CSRF

8 min read 16 Dec 2016 by Robin Peraglie
Redaxo 5.2.0 is the latest release of a simple content management system that is mostly used in Germany. Today we are going to present our scan results for Redaxo and explain how completely omitting anti-CSRF measures can have a significant security impact.