Vulnerabilities
WP Fastest Cache 0.8.4.8 Blind SQL Injection
$_POST['poll_id'] is not escaped properly.
11-11-2015
2 MIN READ
Vulnerabilities
OpenDocMan 1.2.9 XSS
By default it's possible to upload .html files. So we can put XSS there.
27-10-2015
1 MIN READ
Vulnerabilities
Favicon by RealFaviconGenerator 1.2.12 XSS
Nonce token is not checked inside install_new_favicon() function.
26-10-2015
1 MIN READ
Vulnerabilities
Custom Sidebars 2.1.0.1 XSS
$_GET['cs-msg'] is not escaped.
23-09-2015
1 MIN READ
Ctf
IceCTF - Giga 200 Write-up
Example of hash length extension vulnerability
24-08-2015
4 MIN READ
Vulnerabilities
Bypass ScriptBlock using Google Cloud Storage
googleapis.com domain is whitelisted by default.
18-08-2015
1 MIN READ
Vulnerabilities
WordPress Video Gallery 2.7 SQL Injection
$_GET['vid'] is not escaped.
09-08-2015
2 MIN READ
Vulnerabilities
Livefyre Comments 3 4.1.4 XSS
Every registered user can change livefyre_site_id and livefyre_site_key.
02-08-2015
1 MIN READ
From 0 to pentesting hero
Client Side Template Injection
Retrieving parameters from the user and later displaying them on the website always carries risk of XSS attack. But can you perform such attack without using the HTML tag?
21-03-2019
3 MIN READ