I was playing around with some new HTML5 features and noticed a funny one. Meter gives you a cool progress bar on-the-fly – https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meter Immediately […]
Multiple vulns on mTouch Quiz WordPress plugin
Plugin link: https://wordpress.org/plugins/mtouch-quiz/ Active Installs: 5,000+ Version tested: 3.1.2 CVE Reference: Waiting mTouch Quiz lets you add quizzes to your site. This plugin was designed […]
XSS on an input hidden field
…where you have the input sanitized for '<> chars. I came across a web application on a bounty program where the returnurl was placed in […]
Tiny XSS exploitation
A well-known website had a limit of 32 chars on the user name field that was reflected in the public profile area. That field allowed […]
Get a bounty on a WordPress blog
I would like to describe a step-by-step of my latest “appreciation program” reward on a security issue in a WordPress plugin. First things first – check […]
Events Made Easy WordPress plugin CSRF + Persistent XSS
Plugin link: https://wordpress.org/plugins/events-made-easy/ Active Installs: 10,000+ Version tested: 1.5.49 CVE Reference: Waiting Events Made Easy is a full-featured event management solution for WordPress. Events Made […]
Komento Joomla! component Persistent XSS
CVE Reference: CVE-2015-7324 Komento is a Joomla! comment extension for articles and blogs in K2, EasyBlog, ZOO, Flexicontent, VirtueMart and redShop. @http://stackideas.com/komento I found out […]
Results for the XSS challenge
The first challenge was very interesting. It was an easy challenge but it’s a start. New challenges will be up soon. The winners are […]
Win a $50 Amazon Gift card with an XSS challenge
I’m a big fan of XSS and to make my new website more visible to the infosec guys I’m offering two Amazon gift cards. The […]
Google Chrome XSS bypass by BruteLogic
#ChromeBypass <svg><script>0<1>alert('XSS')</script> pic.twitter.com/msMpVmplUo — Brute Logic (@brutelogic) August 10, 2015