WordPress Adsense Deluxe Vulnerability

David Kierznowski of Operation n has discovered some serious flaws in the WordPress Adsense Deluxe plugin as part of the WordPress Angel Project. The vulnerability(s) affect all versions. This vulnerability reminds me of the the old Hacker movies, where a worm is released that steals random pennys from unsuspecting victims. This vulnerability is the closest […]

WordPress Persistent XSS

Vulnerability Title: WordPress Persistent XSS Author: David Kierznowski Homepage: http://michaeldaw.org Software Vendor: WordPress Persistent XSS Versions affected: Confirmed in v2.0.5 (latest) WordPress is a popular open source blogging software. A persistent XSS vulnerability has been found in WordPress (to be honest I have found a few problems and hope to publish these soon). This issue […]

WordPress template.php Exploit

Its been a few days since the release of: http://michaeldaw.org/md-hacks/wordpress-persistent-xss/. Other references: http://www.securityfocus.com/bid/21782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6808 Time to release a proof of concept exploit for this. I am sure the crackers will already be exploiting this in the wild. If you remember from my original advisory, our attack was limited due to our attack being passed through […]

CSRF with MS Word

Update 28/11: It is interesting to note that MS Word 2003 will actually warn the user. Obviously, someone at Microsoft saw the potential for badness here. Good stuff. Microsoft Word has been plagued with vulnerabilities in the past. Therefore, mail servers often restrict email with the .doc extension. However, with applications like Microsoft SharePoint which […]

SQL Injection Cheat Sheet

Related articles: Input Validation Cheat Sheet (Want to find other input validation problems?) Table of Contents Generic – Bypass Authentication Microsoft SQL Sybase MySQL Oracle PostgreSQL DB2 Ingres Bypass SQL Injection Filters References and Credits ChangeLog Date Change 09/07/07 DB2 Database SQL Injection Cheatsheet(Author: pentestmonkey.net) 09/07/07 Ingres Database SQL Injection Cheatsheet (Author: pentestmonkey.net) 13/03/07 Bypass […]

Projects

WordPress Securify Plugin WordPress Securify (WPSec) is a security plugin for WordPress. Every hour the tests specified within WPSec will be executed. A count of “warnings” is displayed in the top right of the WordPress Admin panel. WordPress Securify ShellScript This project has been split into two parts. The first was a chunky shell script […]

Adobe Universal XSS

Discussion In September pdp and I did some really fun work involving backdooring PDF files. It opened alot of eyes and some back accounts in getting it fixed. Now Stefano Di Paola and Giorgio Fedon have found a way to perform universal XSS attacks on systems with Adobe Reader and Professional installed. Affected Versions According […]