WordPress Mobile Detector Incorrect Fix Leads To Stored XSS

Recently, the WordPress Mobile Detector plugin was in the news for a "Remote Code Execution" vulnerability found in its resize.php file. The vulnerability allowed an external attacker to upload arbitrary files to the server, as no validation was performed on the type of file being retrieved from an external source.

Soon after the vulnerability became public, the plugin was taken down from the WordPress plugin directory until the issue was fixed. However, as per my analysis, the fix is incomplete and leads to stored XSS.

Acunetix Website Hack And Lessons Learnt

Update: Acunetix has just released an official response about the incident, read it here.

Last night, the website of Acunetix (a well-known automated web application scanner) was hacked by Croatian hackers. Since then the website has been taken offline, and the Acunetix team is reviewing the root cause of the hack. Currently the homepage displays a "403 Forbidden" error; this may be because the attacker deleted all the files, or because the developers deliberately took the site down in order to review the files for any backdoor that might have been injected.

Courtesy - http://exploitgate.com/acunetixs-website-got-hacked-croatian-hackers/

Bypassing Modern WAF's Exemplified At XSS (Webcast)

Last Saturday, I conducted a webcast for Garage4hackers on one of my favorite subjects in the field of information security, "WAF Bypass". Initially, I had decided to present something on the topic of "Mobile Browser Security", since that is a topic I have recently been researching.

However, I later realized that the takeaways would not be as helpful, so I decided to talk about something that bug hunters and pentesters can use in their day-to-day pentests and security engagements, and hence I chose to present on this topic.

I must admit that the response has been overwhelming, and along with it I have also had the chance to learn more from the feedback and the CTF responses.

I would like to specially thank Imdadullah, Himanshu and Sandeep, along with the other Garage4hackers members, for inviting and supporting me throughout the journey. One of the best things about the G4H community is the work they are doing for the security community by conducting free-of-cost webcasts. You can find a list of other webcasts here: http://www.garage4hackers.com/ranchoddas/

Bypassing Browser Security Policies for Fun and Profit (Full Presentation Video)

Blackhat has just recently released the full video of my talk on the subject of "Browser Security". If you wish to read the whitepaper and slides, or use the SOP test suite, you can refer to my previous post, "Bypassing Browser Security Policies For Fun And Profit".

How Much Do Hackers Know About You?

The threat of black hat hackers has never been greater than it is now, considering the increasing organization of their efforts to make a dollar off your digital assets and information. The common portrayal of the hacker is someone who knows enough about programming and the internet that they can seemingly access any information or know anything about anyone.

This is mostly an exaggeration. Finding information on someone is still work, sometimes very time-consuming and usually not worth the effort from a financial standpoint unless done on a large scale. It does beg the question, however, of how much hackers might know about you. Based on the trails you leave online and who you trust your information with, a hacker might already have a file with your name on it. It is a question worth investigating.

Bypassing Browser Security Policies For Fun And Profit (Blackhat Asia 2016)

A few hours ago, I delivered a talk at Blackhat Asia 2016 on "Bypassing Browser Security Policies For Fun And Profit". The talk covered a wide variety of topics, from SOP bypasses to CSP bypasses and so on. Due to limited time I was only able to cover a few topics; however, you can find the rest of the topics in the whitepaper below. The following was the abstract:

Rafay Baloch is an independent security researcher, internet marketer, entrepreneur and SEO consultant. He is the founder of the RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal, for which PayPal awarded him a sum of $10,000.


RHA © 2013. All Rights Reserved.