Kacper Szurek

Vulnerabilities

WP Fastest Cache 0.8.4.8 Blind SQL Injection

$_POST['poll_id'] is not escaped properly.

11-11-2015

2 MIN READ

Vulnerabilities

OpenDocMan 1.2.9 XSS

By default it is possible to upload .html files, so an XSS payload can be placed there.

27-10-2015

1 MIN READ

Vulnerabilities

Favicon by RealFaviconGenerator 1.2.12 XSS

Nonce token is not checked inside install_new_favicon() function.

26-10-2015

1 MIN READ

Vulnerabilities

Custom Sidebars 2.1.0.1 XSS

$_GET['cs-msg'] is not escaped.

23-09-2015

1 MIN READ

Ctf

IceCTF - Giga 200 Write-up

An example of a hash length extension vulnerability.

24-08-2015

4 MIN READ

Vulnerabilities

Bypass ScriptBlock using Google Cloud Storage

The googleapis.com domain is whitelisted by default.

18-08-2015

1 MIN READ

Vulnerabilities

WordPress Video Gallery 2.7 SQL Injection

$_GET['vid'] is not escaped.

09-08-2015

2 MIN READ

Vulnerabilities

Livefyre Comments 3 4.1.4 XSS

Every registered user can change livefyre_site_id and livefyre_site_key.

02-08-2015

1 MIN READ

From 0 to pentesting hero

XSS using SVG file

File upload functionality is a key place that deserves special attention. If an attacker successfully uploads and executes a malicious file, the whole server may be taken over.

12-03-2019

3 MIN READ

© 2026 Kacper Szurek