[WEB SECURITY] WebSite Malware and Samples

Seth Art sethsec at gmail.com
Tue Jun 18 17:40:39 EDT 2013


I would also recommend www.exploit-db.com as a place where you can find
plenty of known joomla and wordpress exploits, among others.

Best off all, the site often has a link to the vulnerable version of the
software, so you can download it and install it in your lab.  Great way to
learn!

-Seth
On Jun 17, 2013 9:02 AM, <dd at sucuri.net> wrote:

> I would recommend our labs for web site malware samples:
>
> http://labs.sucuri.net
>
> And our blog is only about it:
>
> http://blog.sucuri.net
>
> thanks,
>
> On Mon, Jun 17, 2013 at 3:58 AM, Emilio Casbas <ecasbasj at yahoo.es> wrote:
> > Hi,
> >
> > StopBadware has a comprehensive guide to help webmasters with badware in
> > their websites:
> > https://www.stopbadware.org/common-hacks
> > https://www.stopbadware.org/webmaster-help/
> >
> > And resources to help find badware and avoid it in the future:
> > https://www.stopbadware.org/hacked-sites-resources
> >
> > Regards
> > Emilio
> >
> >
> > ________________________________
> > De: Christian Heinrich <christian.heinrich at cmlh.id.au>
> > Para: Gautam <gautam.edu at gmail.com>
> > CC: websecurity at webappsec.org
> > Enviado: Domingo 16 de junio de 2013 4:08
> > Asunto: Re: [WEB SECURITY] WebSite Malware and Samples
> >
> > Gautam,
> >
> > I have quoted two sentences from your e-mail:
> >
> > On Sun, Jun 16, 2013 at 9:31 AM, Gautam <gautam.edu at gmail.com> wrote:
> >> Most of them were either Wordpress or Joomla.
> >
> > On Sun, Jun 16, 2013 at 9:31 AM, Gautam <gautam.edu at gmail.com> wrote:
> >> 2. Second possibility is that there were knows/unknown security bugs in
> >> the web that were exploited.
> >
> > Are you seeking the CVE(s) of the injection vulnerabilities within
> > Joomla and Wordpress?
> >
> >
> >
> > --
> > Regards,
> > Christian Heinrich
> >
> > http://cmlh.id.au/contact
> >
> > _______________________________________________
> > The Web Security Mailing List
> >
> > WebSecurity RSS Feed
> > http://www.webappsec.org/rss/websecurity.rss
> >
> > Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> >
> > WASC on Twitter
> > http://twitter.com/wascupdates
> >
> > websecurity at lists.webappsec.org
> >
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
> >
> >
> >
> > _______________________________________________
> > The Web Security Mailing List
> >
> > WebSecurity RSS Feed
> > http://www.webappsec.org/rss/websecurity.rss
> >
> > Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> >
> > WASC on Twitter
> > http://twitter.com/wascupdates
> >
> > websecurity at lists.webappsec.org
> >
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
> >
>
> _______________________________________________
> The Web Security Mailing List
>
> WebSecurity RSS Feed
> http://www.webappsec.org/rss/websecurity.rss
>
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
> WASC on Twitter
> http://twitter.com/wascupdates
>
> websecurity at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20130618/3c1f2ee3/attachment-0003.html>


More information about the websecurity mailing list