Post-auth SQL injection in FreePBX

Last time I found new cool CTF (you will find it at VulnHub) I would like to play. This time it will be something related to some Voip-scenario... Ok. I decided that it will be a good idea to take break for a moment and check the 'latest' available ISO for FreePBX ;]

Because of some problems (VirtualBox and SNG7-PBX-64bit-1712-2) I tried the 'historical' version: 10.13.66-32bit. Below you will find results (related only to the SQL injection bug I found...

Brainpan2 - CTF

After I finished playing Pegasus I started next one VM with CTF called "Brainpan:2". The game was prepared by superkojiman. Thanks to VulnHub you can find it hosted here. Let's play...

Pegasus - CTF

In the middle of time I had a chance to check another cool CTF hosted at the VulnHub. This time we will play Pegasus by Knapsy. Let's go...

Bulldog - CTF

Last time when I tried CTF from VulnHub it was (as usual;]) very cool. That's why I think, today is a good time to try another one. This time we will check Bulldog CTF by Nick Frichette (thanks!).
Let's start from the beginning...

SkyTower - CTF

In the middle of time I had a chance to check another cool CTF hosted at the VulnHub. This time we will play SkyTower by Telspace. Let's go...

Fuzzing ArcSight 6.x - 01 - ArcSoloBug.exe

I think it is some kind of an old-ancient exe 'still available' after the default installation... Anyway. Few details below. Maybe you will find it useful...

Wipe TrendMicro - Deep Discovery Inspector

Well. This time I found that if you're logged-in you can 'wipe' remote device using one request... Here we go...

Few crashes for MS Access 2010

(afaik 19... :| )

Few crashes - MS Publisher 2010

(no time...)

Few notes for v0.7

(No time. maybe later.)