What can be more exciting than being authorized to test one of the most hyped companies in 2016?
- The JNews component was found to be vulnerable to SQL Injection affecting multiple pages.
- The AcyMailing component was vulnerable to SQL Injection on the export controller. This was another issue discovered by Filipe, Vitor and me while we were looking for low-hanging fruit in the top Joomla plugins.
- The JEvents component was vulnerable to SQL Injection in the new-events functionality. This vulnerability was located inside the back office.
- A post disclosing some details of an Insecure Direct Object Reference (IDOR) vulnerability discovered in the latest version of osTicket, back in 2015. I decided to dig into the internals of this product for the challenge and the fun, nothing else. The vulnerability was fixed by osTicket in one day.