- Beyond Superfish: a Journey on SSL MitM in the Wild
- FakeCommerce, an exercise in OSINT
-
Video:
Also available on WordPress.tv.
Slides: Available on SlideShare
# / #wordpress #security #wordcamp - Vulnerable SWF Bundled in 40 Wordpress Plugins
- DOM XSS Honeypot
- Hunting Wordpress Exploitation in the Wild
- DLL and Code Injection in Python
- What's New in xsssniper 0.8.x
- WordPress Mingle Forum <= 1.0.32.1 Multiple Vulnerabilities
-
# Exploit Title: WordPress Shortcode Redirect plugin <= 1.0.01 Stored XSS # Dork: inurl:/wp-content/plugins/shortcode-redirect/ # Date: 2012/01/18 # Author: Gianluca Brindisi (g@brindi.si @gbrindisi http://brindi.si/g/) # Software Link: http://downloads.wordpress.org/plugin/shortcode-redirect.1.0.01.zip # Version: 1.0.01Vulnerability
You need permissions to write a post (HTML mode) to exploit the shortcode:
# / #wordpress #advisory #stored-xss[redirect url='http://wherever.com"[XSS]' sec='500"[XSS]']
Welcome to Cloudberry Engineering
a notebook on building, breaking and securing systems.
by Gianluca Brindisi
a notebook on building, breaking and securing systems.
by Gianluca Brindisi
