Web Application
Security Research

In-depth analysis of our latest vulnerability findings and best practices for secure development.

Roundcube 1.2.2: Command Execution via Email

10 min read 6 Dec 2016 by Robin Peraglie
Roundcube is a widely distributed open-source webmail software used by many organizations and companies around the globe. In this post, we show how a malicious user can remotely execute arbitrary commands on the underlying operating system, simply by writing an email in Roundcube 1.2.2 (>= 1.0). This vulnerability is highly critical because all default installations are affected.

Expression Engine 3.4.2: Code Reuse Attack

9 min read 5 Dec 2016 by Hendrik Buchwald
Expression Engine is a popular general purpose content management system that is used by thousands of individuals, organizations, and companies around the world. In this post, we will examine a code reuse vulnerability that leads to remote code execution. This vulnerability type allows an attacker to partly control the applications logic and to chain existing code fragements.

Introducing the RIPS analysis engine

10 min read 4 Dec 2016 by Johannes Dahse
In today’s post, we would like to share some insights into our static code analysis engine RIPS that detected the security bugs described in the previous and upcoming calendar gifts. The engine has a long history and went through several generations before reaching its current performance. What does it actually do within the few seconds after you click on the scan button and the first vulnerability report pops up?

eFront 3.6.15: Steal your professors password

8 min read 3 Dec 2016 by Martin Bednorz
Today, we present our analysis results for eFront, the open-source edition of the thriving e-learning platform eFrontPro. The platform is used by hundreds of organizations world-wide and consists of over 700,000 lines of PHP code, rendering manual security analysis ineffective at best. We will analyze two SQL injections that can be used to leak sensitive data.

Coppermine 1.5.42: Second-Order Command Execution

11 min read 2 Dec 2016 by Martin Bednorz
The second gift in our advent calendar contains descriptions of vulnerabilities in Coppermine, a very popular picture gallery application written in PHP and in active development since 2003. It consists of ~160,000 lines of code (medium-sized web application) and is downloaded roughly 1,200 times per week.