WEP/WPA key generator for Huawei gateways

by Paulino Calderon on Sat, Jan 22 2011 00:43:00

We are proud to release our WEP/WPA default key generator for Huawei HG520x and HG530 Gateways. These devices use a weak cipher to generate their default keys and Humberto Ochoa, one of our vulnerability researchers at Websec, did a great job deciphering the algorithm:

Mac2wepkey - WEP/WPA default key generator for Huawei HG520x and HG530 Gateways

Ironically, Prodigy Telmex, the biggest ISP in Mexico, just replaced my old 2wire router with one of these vulnerable modems, a newer and "better" device (according to their technician, of course, hehe).

XSS vulnerabilities in Croogo CMS 1.3

by Paulino Calderon on Tue, Jun 15 2010 03:52:00

Croogo CMS is prone to HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.


Vulnerable Software: 1.3
Full disclosure Date: 2010-06-14
Last Update: 2010-05-10
Critical: Low
Impact: HTML injection, session hijack, denial of service, code execution

Solution Status: Vendor informed and patch submitted to public repository


Croogo is a content management system that is rapidly gaining popularity in the CakePHP community.


Croogo CMS is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.


Attackers can exploit this issue with a web browser sending malicious code through the field 'name' located in the user registration form (http://site/users/add) or the field 'data[Comment][body]' in the "add a comment" form to comment on a post (http://site/comments/add/).

In the comment form, the field 'data[Comment][body]' is sanitized correctly, but Tipsy, the JavaScript library in charge of creating the tooltips, decodes the stored sanitized string again, which allows HTML injection in the admin panel.
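
The double decode described above, as an added example that is not Croogo's or Tipsy's code: a simplified Node model (no DOM) of an encoded comment placed in a title attribute, read back by the browser, and rendered by a tooltip either as HTML or as text. All function names are hypothetical, and the harmless `<b>` comment body is a constructed sample.

```javascript
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Server side: correct output encoding of the stored comment body.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Browser side: the HTML parser decodes entities in attribute values exactly once.
function decodeEntities(s) {
  const reverse = Object.fromEntries(Object.entries(ENTITIES).map(([k, v]) => [v, k]));
  return s.replace(/&(?:amp|lt|gt|quot|#39);/g, (e) => reverse[e]);
}

// Stand-in for element.getAttribute('title') on the admin page markup:
// the script receives the decoded, i.e. original raw, string.
function readTitleAttribute(markup) {
  const m = /title="([^"]*)"/.exec(markup);
  return m ? decodeEntities(m[1]) : '';
}

// Vulnerable tooltip: the attribute value is inserted as HTML (innerHTML-style).
function tooltipAsHtml(title) {
  return `<div class="tooltip">${title}</div>`;
}

// Hardened tooltip: the value is treated as text, so it is encoded again
// for the HTML context it is written into.
function tooltipAsText(title) {
  return `<div class="tooltip">${escapeHtml(title)}</div>`;
}

// True if the tooltip body would parse into any element besides the wrapper div.
function hasInjectedElement(fragment) {
  const inner = fragment.replace(/^<div class="tooltip">/, '').replace(/<\/div>$/, '');
  return /<[a-z!\/]/i.test(inner);
}

const commentBody = '<b>injected</b>'; // constructed sample input
const adminMarkup = `<a title="${escapeHtml(commentBody)}">comment</a>`;
const title = readTitleAttribute(adminMarkup);

console.log(adminMarkup); // the page source itself is correctly encoded
console.log(tooltipAsHtml(title), hasInjectedElement(tooltipAsHtml(title)));
console.log(tooltipAsText(title), hasInjectedElement(tooltipAsText(title)));
```

The page source passes a review for output encoding, which is why this class of bug has to be checked at the point where client-side script writes the value back into the DOM.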


Upgrade to Croogo 1.3.1 or apply the patch from Croogo's public repository.


2010/05/08 - Vulnerability discovered
2010/05/08 - Vendor contacted
2010/05/12 - Patch submitted to Croogo's public source code repositories
2010/06/14 - Full disclosure

