WHO IS SIBERAS?

siberas GmbH is a consulting company specializing in security analyses and penetration tests that provides you with vendor-independent, competent advice on IT security.

CONTACT
  • siberas GmbH
  • Karl-Krämer-Strasse 29
    71364 Winnenden
    Germany
  • info@siberas.de

TYPO3-CORE-SA-2016-013 analysis

TYPO3 is an enterprise Open Source CMS based on PHP. While it might not be as well-known as competitors like Joomla or WordPress, it has quite a high market share here in Germany. During a recent penetration test I had to deal with an outdated TYPO3 installation that was vulnerable to CVE-2016-5091. As details for this vulnerability were not publicly available, I thought I would share my analysis.

Read More

Custom Viewer

With release 0.9.17, WATOBO introduced a new viewer pane. This custom viewer gives you full control of how the output should look. It enables you to parse the response (extract, format, decode, …) and display only the relevant parts by using the power of Ruby – an example will follow shortly. The custom viewer is available in the main window’s response viewer as well as in the manual request editor's response viewer; we use the latter for this tutorial.

Read More

WATOBO Running SQLMap

In WATOBO version 0.9.9 I introduced a new plugin which builds a bridge between WATOBO and sqlmap.

Read More

WATOBO 0.9.9 Supports Transparent Mode

“Cool, WATOBO can act as a transparent proxy. But why do I need this feature?” Right, most of the time when you’re pentesting a web application you only have to configure your browser to use a proxy. This will work for most of the applications designed for web browsers.

Read More

Installing WATOBO on BackTrack 5R2

The following script installs all necessary gems on your BackTrack system:

Read More