AppCheck news & events

New feature announcement: Subdomain takeover audit

AppCheck has released a new detection module, available to all customers, that scans for subdomain takeover vulnerabilities.


Drupal 7 SQL Injection – Use AppCheck NG to Discover if You Are Affected

Drupal is a popular open source content management system (CMS). The CMS platform is used by hundreds of thousands of organisations globally and has one of the largest user communities.

On 15th October 2014, a pre-authentication SQL injection vulnerability (CVE-2014-3704) was disclosed after a code audit of Drupal extensions. The vulnerability lies in the way Drupal handles prepared statements, meaning a malicious user can inject arbitrary SQL queries and control the Drupal installation.


Unpatched Vulnerabilities in Magento E-Commerce Platform

On April 8th 2014, AppCheck reported several cross-site scripting vulnerabilities in the Magento e-commerce platform via the eBay bug bounty program. eBay responded to inform us that the vulnerabilities had already been reported.

However, since more than 6 months have passed and no fix is yet available, this advisory is intended to inform Magento administrators of the vulnerability so that action can be taken to mitigate the flaw.
