-
WordPress – CSRF>XSS>Shell>Profit.
I did a small penetration test in 2013/14 for a client’s WordPress site, which has since been my go-to anecdote for explaining the potential for XSS… probably because, to non-sec folk, what it achieved sounds amazing, although it’s really rather easy to explain how and why it worked. This is that anecdote…
-
Threema Revisited.
So the Threema bug I found a few years ago was fairly cool in my opinion, something a bit different anyway. So it was disappointing that Threema didn’t respond to me at all and then released a patched/updated Threema to the AppStore with something like “general improvements” in the change-log.. lovely.. very general. Well, anyway… process this for a second…
-
Threema Local Authentication Bypass
I sent Threema an email disclosing this and got an auto-reply saying that they commonly take a week to reply to customer messages. Since I hate waiting for things and it’s not a total remote RCE flaw, let’s just put it here for now. The flaw allows gaining local access to a user’s Threema application,…
-
The OkBot.py
For a while I was trying to do the whole online dating lark. I had some fun with it but the problem with a site like OkCupid (my poison of choice) is that you can never really tell how ‘well’ you are doing. Obviously you are doing well if you are meeting people and having fun…