Filter by tag: variable tampering

Breaking Into Your Company's Internal Network - SuiteCRM 7.11.4

15 min read 20 Aug 2019 by Robin Peraglie
SuiteCRM, a customer relationship software, is a great first economic choice as CRM software because it is free and open source. However, in this blog post we will see how a vulnerable web application deployed in the internal network of your company can act as a charming entry gateway for any adversary.

phpBB 2.0.23 - From Variable Tampering to SQL Injection

7 min read 13 Dec 2016 by Johannes Dahse
In our 12th advent calendar gift, we would like to cover an exciting SQL injection in phpBB2. Although phpBB2 was replaced by its successor phpBB3, it is still one of the most popular bulletin boards. RIPS detected a less severe but very beautiful SQL injection vulnerability that bases on a PHP quirk we will examine in detail in this post.