Kacper Szurek

Vulnerabilities

Tiny Tiny RSS Blind SQL Injection

$item_id inside process_category_order() is not properly escaped before it is used in an UPDATE statement.

15-02-2016

2 MIN READ

Vulnerabilities

Huge It Image Gallery 1.7.0 Reflected XSS

$_POST['thumbtext'] and $_POST['linkbutton'] are not escaped inside huge_it_video_gallery_ajax().

08-02-2016

1 MIN READ

Vulnerabilities

Profile Builder 2.2.4 Reflected XSS

$_GET['loginerror'] is not escaped.

02-02-2016

1 MIN READ

Vulnerabilities

Formidable Forms 1.07.11 Blind SQL Injection

`FrmFormsController

26-01-2016

2 MIN READ

Vulnerabilities

Prevent WPScan from scanning

Prevent username enumeration

04-01-2016

5 MIN READ

Vulnerabilities

Simple Ads Manager 2.9.4.116 SQL Injection

$whereClause and $whereClauseT and $whereClauseW and $whereClause2W are not escaped.

30-12-2015

3 MIN READ

Vulnerabilities

Admin Management Xtended 2.4.0 Privilege escalation

Inside almost all wp_ajax functions there is no privilege check.

14-12-2015

1 MIN READ

Vulnerabilities

Breezing Forms 1.2.7.30 SQL Injection

Every registered user can access plugin admin interface.

02-12-2015

1 MIN READ

From 0 to pentesting hero

Cross-Site Websocket Hijacking

Not so long ago, to make a website's content appear in real time, it had to be more or less simulated, for example from JavaScript, by sending a request to the server every few seconds and downloading the latest content.

24-07-2019

4 MIN READ

© 2025 Kacper Szurek