Filter by tag: apav2016

The State of Wordpress Security

16 min read 14 Dec 2016 by Hendrik Buchwald
Plugins from the community are an integral part of most Wordpress sites. We downloaded all 47,959 plugins that are available from the official Wordpress repository and analyzed them with our static code analyzer RIPS. Shockingly, about every second larger plugin contains at least one medium severity issue. But is it really that bad?

phpBB 2.0.23 - From Variable Tampering to SQL Injection

7 min read 13 Dec 2016 by Johannes Dahse
In our 12th advent calendar gift, we would like to cover an exciting SQL injection in phpBB2. Although phpBB2 was replaced by its successor phpBB3, it is still one of the most popular bulletin boards. RIPS detected a less severe but very beautiful SQL injection vulnerability that bases on a PHP quirk we will examine in detail in this post.

Teampass 2.1.26.8: Unauthenticated SQL Injection

10 min read 12 Dec 2016 by Martin Bednorz
The next gift in our advent calendar reveals security issues in Teampass, a collaborative password manager first published in late 2011. We detected a critical unauthenticated SQL injection and many file inclusions which could have led to many leaked passwords and angry users. The issues were reported and fixed earlier this year.

Rescanning Applications with RIPS

9 min read 11 Dec 2016 by Daniel Peeren
After an automated security analysis of an application with RIPS, the application can be rescanned again. Within another round of security analysis, implemented patches can be verified or the analysis settings of the previous scan can be refined. In todays calendar post, we are introducing some of the rescanning and reviewing features of RIPS based on an example and see how rescanning works and what benefits it brings.

Non-Exploitable Security Issues

7 min read 10 Dec 2016 by Hendrik Buchwald
In our previous calendar posts, we covered specific security issues in popular open-source applications that were detected by our code analysis solution RIPS. Most of the released issues lead to remote command execution, the most critical security vulnerability in PHP applications. But are all findings always exploitable? For more diversity of our calendar, we would like to introduce a few interesting examples today that turned out to be not exploitable and how RIPS handles these scenarios.