Multiple vulnerabilities in Concrete CMS – part2 (PrivEsc/SSRF/etc)

Intro We have previously written about Concrete CMS here. In that post we described how we managed to exploit a double race condition vulnerability in the file upload functionality in order to obtain remote command execution. In this blog post we will present multiple vulnerabilities in Concrete CMS that we have found at the end

Multiple Concrete CMS vulnerabilities ( part1 – RCE )

INTRO Concrete CMS is designed for ease of use, for users with a minimum of technical skills. It enables users to edit site content directly from the page. It provides version management for every page, similar to wiki software, another type of web site development software. Concrete5 allows users to edit images through an embedded editor on the

Multiple vulnerabilities in cPanel/WHM

Intro cPanel is a web hosting control panel software developed by cPanel, LLC. It provides a graphical user interface (GUI) and automation tools designed to simplify the process of hosting a web site for the website owner or the “end user”. It enables administration through a standard web browser using a three-tier structure. While cPanel is

Drupal insecure default leads to password reset poisoning

What is Drupal? Drupal is a free and open-source web content management framework written in PHP. According to Wikipedia, Drupal provides a back-end framework for at least 13% of the top 10,000 websites worldwide – ranging from personal blogs to corporate, political, and government sites. For this test we used the latest version of Drupal with