From cyberspace

  • CVE-2024-25859: Blesta RCE Chain


    Introduction: Blesta is web-based billing and invoicing software designed for hosting providers, web developers, and other businesses that offer online services. https://www.blesta.com/2024/02/08/security-advisory https://nvd.nist.gov/vuln/detail/CVE-2024-25859 This post is about 3 vulnerabilities in Blesta. By chaining these vulnerabilities together, any attacker could gain code execution on a web server running Blesta. Product: Blesta 5.8.2 (Click to…


  • IIS – HTTP Parameter Pollution with SQL injection Attacks

    Introduction: Typically, SQL injection attacks are blocked by Web Application Firewalls. Security researchers are expected to find a way to escape this security mechanism. SQL injection attacks aim to execute a query that is manipulated by security researchers. Even though SQLi is a dangerous vulnerability, it still exists in web applications. One of good…
