Monstra CMS 3.0.4 Unauthenticated User Credential Exposure

Whilst pratting around on hackthebox.eu, someone had uploaded a machine which used the Monstra CMS platform version 3.0.4. Getting a tad frustrated, I downloaded the platform to look at the code directly, unknowingly stumbling across the username “database”, which is in fact an XML file. This file contains all user credential information including the password …

IoT – Stopping Your Toasters Plot For World Domination

So now we don’t just have to be worried about politics and financial issues… we have to be concerned that our toaster will want to take part in world domination and that our vacuum cleaners will spy on us in an attempt to provide better advertising. So how do we control these wild little things …