https://research.aurainfosec.io/authors/ahmad-ashraff/Recent content in Ahmad Ashraff on Aura Research DivisionHugo -- gohugo.ioenAura Information Security © 2026Thu, 26 Apr 2018 00:00:00 +0000https://research.aurainfosec.io/pentest/automating-thorny-sqli/Thu, 26 Apr 2018 00:00:00 +0000https://research.aurainfosec.io/pentest/automating-thorny-sqli/SQLMap is one of the best tool in exploiting sql injection. However, there are moments where this tool will not produce the expected results if we do not supplying the correct options. This post covers a tricky SQL Injection vulnerability that I found in a recent assessment.https://research.aurainfosec.io/disclosure/vmware_horizon_daas/CVE-2017-4897/Fri, 10 Mar 2017 00:00:00 +0000https://research.aurainfosec.io/disclosure/vmware_horizon_daas/CVE-2017-4897/<ul> <li><strong>CVE(s):</strong> VMSA-2017-0002, CVE-2017-4897</li> <li><strong>Vendor:</strong> VMware</li> <li><strong>Product:</strong> Horizon Daas Platform</li> <li><strong>Version(s) affected:</strong> 6.1.x</li> <li><strong>Fixed version:</strong> 7.0.0</li> </ul> <p>A security advisory was released by the VMware Security Team on the 3rd of March 2017 in their <a href="https://blogs.vmware.com/security/2017/03/new-vmware-security-advisory-vmsa-2017-0002.html" target="_blank" rel="noreferrer">Security Blog</a>.</p>