Kacper Szurek

Vulnerabilities

Detectify XSS challenge - Twins of Ten

Ten-character XSS payload.

15-07-2015

2 MIN READ

Vulnerabilities

FreiChat 9.6 SQL Injection

$_GET['time'] is not escaped.

13-07-2015

2 MIN READ

Vulnerabilities

Floating Social Bar 1.1.5 XSS

$_REQUEST['items'] is not escaped.

07-07-2015

1 MIN READ

Vulnerabilities

Store Locator Plus 4.2.23 Email Injection

We can send email to anyone if we have valid nonce token.

27-05-2015

1 MIN READ

Vulnerabilities

WordPress Esplanade 1.1.4 Theme Reflected XSS

$_GET['tab'] is not escaped.

26-05-2015

1 MIN READ

Vulnerabilities

pluck CMS 4.7.2 Path Traversal

When the word thumb is placed at the beginning of $_GET['image'], it is possible to bypass the preg_match() check.

21-05-2015

1 MIN READ

Vulnerabilities

WordPress Pinboard 1.1.10 Theme Reflected XSS

$_GET['tab'] is not escaped.

18-05-2015

1 MIN READ

Vulnerabilities

Shortcodes Ultimate 4.9.3 Reflected XSS

We can read and display any external file using $_REQUEST['code'].

05-05-2015

2 MIN READ

From 0 to pentesting hero

Reflected File Download

Can you expand the potential attack vector for a larger number of applications?

03-04-2019

3 MIN READ

© 2026 Kacper Szurek