28 January 2018

Considerations before using keybase.io

Keybase.io is a service that, according to its website, “maps your identity to your public keys, and vice versa.” It also offers other optional features such as an encrypted filesystem and synchronized key management.

28 January 2018

Unofficial Patch Tuesday – MSMQ Privilege Escalation Vulnerability Hotfix

Microsoft won’t patch this one — so we did. CVE-2014-4971 is a known privilege escalation vulnerability in the MSMQ service on Windows XP. Citadelo’s unofficial hotfix helps secure legacy systems against this active exploit.

28 January 2018

WebsiteBaker CMS 2.10.0 – Multiple SQL Injection Vulnerabilities

The vulnerability exists due to insufficient filtering of user-supplied data. By exploiting it, an attacker gains access to all records stored in the database with the privileges of the WebsiteBaker database user.

26 January 2018

ExtendedMacro – BurpSuite plugin

BurpSuite Proxy is one of the most widely used HTTP proxy applications among web penetration testers. The tool is one of the best in its category, but sometimes we encounter a situation that requires additional functionality not provided by Burp itself.

26 January 2018

From XSS to Code Execution: MODX Revolution 2.5.6 Security Breakdown

Citadelo researchers uncovered multiple vulnerabilities in MODX Revolution 2.5.6 and lower — including unauthenticated file inclusion, XSS, and even authenticated code execution. Sites using outdated versions should patch immediately.

26 January 2018

We found a vulnerability in CMS Made Simple

CMS Made Simple is a free, open source CMS to provide developers, programmers and site owners a web-based development and administration area. In 2010 it won the Packt Publishing annual award for open source content management.