IHTeam Security Blog
After 10 days from the official release of 3.8.5, we share our code with all the community. I wanna also thanks Dan for this articles and for his kindness. <?php /* WP e-Commerce <= 3.8.4 SQL Injection Download link: http://wordpress.org/extend/plugins/wp-e-commerce/ Author contact: 29/06/2011 Exploit published: 18/07/2011 Bugged code (wpsc-theme/functions/wpsc-user_log_functions.php): foreach ( (array)$_POST[‘collected_data’] as $value_id => […]
Si svolgerà a Louisville, Kentucky dal 30 Settembre al 2 Ottobre l’edizione 2011 del DerbyCon! Saranno presenti illustri ospiti e relatori quale: Adrian `IronGeek` Crenshaw Martin `PureHate` Bos HD Moore Kevin Mitnick James `egypt` Lee E tantissimi altri! Immancabili gli hack game che si svolgeranno tra cui: Capture The Flag (CTF) Sfide di lockpicking Network King […]
WordPress bSuite <= 4.0.7 Permanent XSS -> Add Admin Download link: http://wordpress.org/extend/plugins/bsuite/ Author contact: 29/06/2011 POC published: 11/07/2011 Plugin is out-of-date, last update on 2009, so this is just a POC that show how to made the XSS more useful 😉 FIX: Add htmlspecialchars to output Bug found by: IHTeam Follow us on Twitter! @IHTeam […]