Blog

  • Multiple vulnerabilities in cPanel/WHM
    Intro: cPanel is web hosting control panel software developed by cPanel, LLC. It provides a graphical interface (GUI) and automation tools designed to simplify the process of hosting a website for the website owner or the “end user”. It enables administration through a standard web browser using a three-tier structure. While cPanel is
  • Fortbridge receives CREST accreditation for Penetration Testing services
    We are pleased to announce that Fortbridge is now a CREST accredited Penetration Testing Provider. Our dedicated team has experience in a wide range of industries, having worked previously in top tech companies in the UK/EU & US, focusing on application security and cloud security, both from an offensive as well as defensive perspective. About us: Fortbridge
  • Drupal insecure default leads to password reset poisoning
    What is Drupal? Drupal is a free and open-source web content management framework written in PHP. According to Wikipedia, Drupal provides a back-end framework for at least 13% of the top 10,000 websites worldwide, ranging from personal blogs to corporate, political, and government sites. For this test we used the latest version of Drupal with
  • Joomla password reset vulnerability and a stored XSS for full compromise
    Intro: Joomla is one of the most popular CMSes, with over 1.5 million installations worldwide. We pentested Joomla 3.9.24 and found a password reset vulnerability which we chained with a set of vulnerabilities and features to achieve full compromise of the underlying server. Joomla has a strong OOP architecture and a large codebase. Strong input validation