Friday, October 31, 2014

ASL HackMe Labs - Yet another vulnerable web application!

ASL HackMe Labs is yet another vulnerabile web application to practice various web based attacks. You can practice many web application attacks with these labs. Can be installed in both XAMPP and WAMPP.
To install extract all contents in web root.
Create a database named "security" and import security.sql file to it.
For RFI to work set allow_url_include=On and allow_url_fopen=On in your php.ini

Attacks You Can Practice With ASL HackMe Labs are

1) SQLi login bypass
2) SQLi Error Based
3) SQLi UNION based
4) Bilnd SQLi
5) SQLi filter bypassing
7) User Agent based SQLi
8) XSS through SQLi
9) Upload webshell through SQLi
10) XSS
11) User Agent based XXS
12) Full Path Disclosure
13) LFI
14) RFI
15) PHP Wrapper injections
16) Cookie based SQLi
17) Image Upload bypasses
18) Javascript Login Bypass
19) Logs Poisoning
20) Remote Command Execution
21) Header Injections

There are three realistic scenarios also.

Download ASL HackMe Labs Here

Keep checking our blog and youtube channel for ASL HackMe Labs tutorials:
Youtube Channel:

Thursday, October 23, 2014

CVE-2014-6352 OLE Remote Code Execution Vulnerability

Here is working exploit POC for CVE-2014-6352 OLE Remote Code Execution Vulnerability. Available through our exploit subscription and binary analysis program.