WordPress advisory: Akal premium theme XSS vulnerability & abandoned

Over the course of one week I had the opportunity to audit two hacked WordPress websites. I could quickly discover two vulnerabilities: a Cross Site Scripting, or XSS, in a premium WordPress theme Akal, and a SQL injection Denial-of-Service in a later to be disclosed plugin. This post describes the Akal theme XSS vulnerability.


5 Extra Ways to Clean Up Disk Space in Windows Server

dism.exe /online /Cleanup-Image /AnalyzeComponentStore

How to perform disk cleanup in Windows Server 2012 (R2) to regain used disk space using DISM from your Windows Component Store (WinSxs) is one of the most popular posts here on Saotn.org. So apparently, disk space usage is an issue on Windows Server. And that made me wonder: what more ways to clean up […]

Samsung’s smart camera. A tale of IoT & network security

Pen Test Partners writes about IoT and security in the Samsung smart camera SNH-6410BN. They discovered eleven (11) issues, chained together to gain root access. Got r00t?


List all MAC Addresses of all Hyper-V Virtual Machines

You sometimes need to list and get all MAC addresses of all Hyper-V virtual machines in your network. Either for your Hyper-V administration or provisioning if you don’t set a unique MAC address automatically. Here is how to get all those MAC addresses easily with PowerShell.

Windows Server 2016 licensing model

Mark O’Shea writes on TechNet that the licensing model for Standard and Datacenter were changed with Windows Server 2016, and he introduces the changes. The information is pulled from the Windows Server 2016 Licensing Datasheet, and if you need more details you can also download the Windows Server 2016 and System Center 2016 licensing FAQ. […]


“How we broke PHP, hacked Pornhub and earned $20,000”

This is a very interesting read on how Dario Weißer (@haxonaut), cutz and Ruslan Habalov (@evonide) were able to find a PHP unserialize bug to exploit and gain remote code execution on Pornhub. Pornhub’s bug bounty program is at HackerOne. Instead of actively attacking Pornhub, they took another road and attacked what Pornhub is […]

SSL in WordPress, how to move your WordPress site to HTTPS? The Definitive Guide

Add SSL and HTTPS in WordPress: an SSL certificate on your website is the de-facto standard nowadays. Google ranks sites having HTTPS – or an SSL certificate – higher in their SERP. But in WordPress, what do you need to do to set up and install an SSL certificate in your WordPress website? I’ll try […]


25 New SQLServer PowerShell cmdlets

Ayo Olubeko of the SQL Server Blog writes in the SQL PowerShell: July 2016 update. The July update for SSMS includes the first substantial improvement in SQL PowerShell in many years. We owe a lot of thanks for this effort to the great collaboration with our community. We have several new CMDLETs to share with […]


MySQL InnoDB performance improvement: InnoDB buffer pool instances – Updated!

Are you running into MySQL load problems? Learn how I tuned my MySQL servers for a heavy InnoDB workload, by configuring innodb_buffer_pool_instances. Dividing the InnoDB Buffer Pool into multiple regions, or instances, improves Disk I/O. By doing so, you run your website, or application, efficiently and fast, by optimizing your MySQL database server InnoDB […]

KB3157663: Cumulative Update for Windows Server 2016 Technical Preview 5

When you’re installing Windows Server 2016 Technical Preview 5, don’t forget to install KB3157663 before installing any server roles, features, or other products. Installing KB3157663 prior to any other software will fix an error with DISM and Install-WindowsFeature, error code 0x800F081F:


KMS Migration from 2008 R2 to Windows Server 2012 R2 and KMS Activation Known Issues

How to migrate a Windows Server 2008 R2 KMS to Windows Server 2012 R2, for volume activation of Microsoft products? On a new KMS server? You don’t; apparently there is no Windows Server 2008 (R2) KMS to Windows Server 2012 R2 migration. There is no way to automatically transfer your KMS role along with the […]

10 Valuable WordPress snippets you never knew you could live without

10 WordPress site-specific plugin and functions.php snippets that give you a better WordPress experience. Enhance your WordPress blog / website with these small PHP snippets; WordPress filters, actions and functions. Quickly extend the functionality you need for your WordPress website! Read on…


MySQL DoS in the Procedure Analyse Function – CVE-2015-4870

Sri Lankan security researcher Osanda Malith discovered a DoS (or crash) vulnerability in MySQL’s Procedure Analyse Function. The vulnerability crashes MySQL versions up to 5.5.45.

Breaking into a WordPress site without knowing WordPress/PHP or InfoSec at all

Someone posted to notehub.org an article on how he broke into his college’s WordPress website, without having any prior knowledge of WordPress, PHP, and without any experience with hacking web servers. The attempts were spread out over a month, but effectively totaled a day maybe. The author said to have learned a lot of things […]


How to install IIS URL Rewrite Module on Windows Server 2016 & IIS 10

When you start to play with Windows Server 2016 and IIS 10, you’ll receive an error when you try to install the IIS URL Rewrite Module in IIS. The error occurs because the URL Rewrite Module installer contains an invalid version check for the IIS being used. Here is how to install IIS URL Rewrite […]
