Due to a lack of input sanitisation and the installation script not being removed automatically, an unauthenticated user is able to re-purpose the `connect.php` file to gain remote code execution.
Using an SQL injection vulnerability, arbitrary markup can be reflected back to the user, achieving JavaScript execution in the context of the authenticated user.
Due to a lack of input sanitisation, arbitrary `SELECT` statements can be executed and the results viewed in the field management page.
Whilst doing some research this evening, I acquired a plugin from an unofficial distributor. When doing exploit development, I do so in an isolated environment with all external network access disabled, for situations such as these.
Reading barcodes in Android from the Panasonic FZ-N1 barcode scanner is natively achievable via the `dispatchKeyEvent` method within an `Activity`.