Hackholics

addicted to hacking

Tag

cross site scripting

WordPress plugin leaves up to 70k sites vulnerable to stored xss

Recently we discover a stored Cross Site Scripting in a WordPress plugin which is installed in our website. It also effects more that 70.000 WordPress users. We immediately get in work and find a fix for that. After fixing the… Continue Reading →

Reflected XSS

The above code is vulnerable to reflected xss but is has some filtering on it. Try to bypass it and excecute a javascript code <?php         $NAME=$_GET[‘name’];         $NAMESAN=strtoupper(htmlspecialchars($NAME));         echo “<HTML><body>”;         echo ‘<form action=””>’;         echo “First name:… Continue Reading →

Stored XSS

This code is vulnerable to xss , can you spot where it is and how to exploit it ? $name    = trim( $_POST[ ‘name’ ] ); $name = preg_replace( ‘/<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t(.*)>/i’, ”, $name ); $message = preg_replace( ‘/<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t(.*)>/i’, ”, $message );… Continue Reading →

© 2017 Hackholics — Powered by WordPress

Theme by Anders NorenUp ↑