Another week, another VulnHub image. This time it's NullByte by ly0n.
Another week, another VulnHub image. This time it's NullByte by ly0n.
So, VulnHub released a new image by @m_avinash143. Time to break more things, for fun. This one's called Acid.
After noticing a CTF by SecuraBit being mentioned on Twitter some time ago, I decided to give it a go. Here are my findings for the challenges, kindly hosted by SecuraBit.
While doing some reading on Reverse Engineering, it occurred to me that there are no tools for Android that allow for disassembly of binaries. After doing some research, I settled on the Capstone Engine....
The YOP Poll plugin exposes a number of AJAX requests to the public (see lines 15-40 in th efile yop-poll/inc/admin.php). An XSS vulnerability has been found in at least one of these functions – namely yop_poll_set_wordpress_vote. This function is...
The NewStatPress plugin utilizes on lines 28 and 31 of the file ‘includes/nsp_search.php’ several variables from the $_GET scope, without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of...
The WP-CopyProtect [Protect your blog posts] plugin for WordPress is vulnerable to a Persistent XSS attack on the settings screen, due to a lack of sanitation of user input, and lack of CSRF token (nonce).
The WP Mobile Detector plugin exposes the AJAX action ‘websitez_options’ to all registered users on line 78 of wp-mobile-detector/websitez-wp-mobile-detector.php. Providing specially crafted form values will result in a Persistent XSS attack on...
The Erident Custom Login and Dashboard plugin exposes a call to the update_option method, when a specific POST field is posted to the plugins setting screen. No CSRF token is used, and as such if an Administrative user can be tricked into visiting a...