Research Lab

RedSecLabs | Research Lab

Our research lab is an integral part of our work. We are seeking to drive security evolution, combining insights from our security research community. We focus on everyday technologies that expose many people to risk, most recently mobile communication and payment systems. Our goal is to fix issues before consumers are put at risk, or to publicly discuss flaws in systems where this did not happen. Our lab is an open collective of like-minded thinkers. If you are interested in our projects and the lab, get in touch or consider working with us.

To give the respective manufacturers sufficient time to correct the weaknesses, our researchers work according to the following schedule:

  • Review an application for vulnerabilities
  • Create proof-of-concept exploits
  • Contact the manufacturer
  • Wait for the manufacturer's feedback
  • Where appropriate, send functional patches for the vulnerabilities
  • If the manufacturer provides the safety instruction, publish a patch for that vulnerability

In the following section you will find a list of some of our findings:

| Product | Vulnerability Classification | Details |
|---|---|---|
| Google Chrome 109.0.5414.74 | Unsafe Library Load | Details |
| Turtlapp Turtle Note v0.7.2.6 | HTML injection | Details |
| QNAP Device | Path Traversal | Details |
| DuckDuckGo 7.64.4 | Address Bar Spoofing | Details |
| Parallels Plesk Panel 9.5 | Cross Site Scripting | Details |
| Poking A Hole In Whitelist For Bypassing Firewall | Firewall Bypass | Details |
| Bypassing Browser Security Policies For Fun And Profit | Browser Security Bypass | Details |
| Microsoft Internet Explorer 11 XSS Filter Bypass | XSS Filter Bypass | Details |
| Drupal 8.0.x-dev | Cross Site Scripting | Details |
| Shell Shock Auto Exploitation Script | Shellshock Vulnerability | Details |
| Maxthon Browser | Address Bar Spoofing | Details |
| CM Browser | SOP Bypass | Details |
| Google Chrome 36.0 | XSS Auditor Bypass | Details |
| Android Browser | Same Origin Policy Bypass | Details |
| HTML5 Modern Day Attack And Defence Vectors | Whitepaper called HTML5 Modern Day Attack and Defence Vectors | Details |
| WordPress TimThumb Finder 1.0 Beta | This is a python script that scans a webserver for timthumb.php | Details |
| Lavarel-Security | XSS Filter Bypass | Details |
| WordPress Infocus Theme | Cross Site Scripting | Details |
| phpMyRecipes 1.x.x XSS / CSRF / SQL Injection | phpMyRecipes version 1.x.x suffers from XSS, CSRF, SQL Injection vulnerabilities. | Details |
| Bypassing Modern Web Application Firewalls | WAF Bypass | Details |
| Joomla Flexicontent | Remote Code Execution | Details |
| phpThumb 1.7.12 | Server Side Request Forgery | Details |
| Joomla JMultimedia | Command Execution | Details |
| WordPress Pretty Photo | Cross Site Scripting | Details |
| Eclipse.org | SQL Injection | Details |
| OWASP Java Encoder | Filter Bypass | Details |
| Google Chrome 31.0 | Webkit Auditor Bypass | Details |
| Mental JS Sandbox Bypass | Sandbox Bypass | Details |
| Modsecurity | Cross Site Scripting Bypass | Details |
| Link Farm Evolution 1.8.7 | Cross Site Scripting | Details |
| Xorbin Analog Flash Clock 1.0 For Joomla XSS | Flash-based cross site scripting | Details |
| Xorbin Digital Flash Clock 1.0 For WordPress XSS | Flash-based cross site scripting | Details |
| Xorbin Digital Flash Clock 1.0 For WordPress XSS | Flash-based cross site scripting | Details |
| CyberKendra Search Bar | Cross Site Scripting | Details |
| Mod_Security | Cross Site Scripting Bypass | Details |
| HtmlCommentBox | Cross Site Scripting | Details |
| Joomla Jnews 8.0.1 | Cross Site Scripting | Details |
| Joomla Phocagallery 3.0.0 / 4.0.0 | Cross Site Scripting | Details |
| Fork CMS | Local File Inclusion | Details |
| Fork CMS | Cross Site Request Forgery | Details |
| Fork CMS | Cross Site Scripting | Details |
| Your Own Classifieds | Cross Site Scripting | Details |
| WordPress Caulk | Path Disclosure | Details |
| ProActive CMS | XSS / CSRF / Open Redirect | Details |
| WHM editfilter.html | Stored Cross Site Scripting | Details |
| C-Panel dir.html | Cross Site Scripting | Details |
| C-Panel | Cross Site Scripting | Details |
