Hackholics

addicted to hacking

Tag

stored

WordPress plugin leaves up to 70k sites vulnerable to stored XSS

Recently we discovered a stored Cross-Site Scripting vulnerability in a WordPress plugin which is installed on our website. It also affects more than 70,000 WordPress users. We immediately got to work and found a fix for that. After fixing the… Continue Reading →

Stored XSS

This code is vulnerable to XSS. Can you spot where it is and how to exploit it?

    $name    = trim( $_POST[ 'name' ] );
    $name    = preg_replace( '/<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t(.*)>/i', '', $name );
    $message = preg_replace( '/<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t(.*)>/i', '', $message );

… Continue Reading →

© 2017 Hackholics — Powered by WordPress
