10 WordPress snippets you never knew you could live without

Shares

10 WordPress site-specific plugin and functions.php snippets you never knew you could live without ;-) Enhance your WordPress experience, performance and security with these small PHP snippets; WordPress filters, actions and functions. These snippets are meant to show you how things can be done, not must. Read on…

Continue reading

MySQL DoS in the Procedure Analyse Function – CVE-2015-4870

Shares

Sri Lankan Security researcher Osanda Malith discovered a DoS -or crash- vulnerability in MySQL’s Procedure Analyse Function. The vulnerability crashes MySQL versions up to 5.5.45.

Continue reading

Breaking into a WordPress site without knowing WordPress/PHP or InfoSec at all

Shares

Someone posted to notehub.org an article on how he broke into his college’s WordPress website, without having any prior knowledge of WordPress, PHP, and without any experience with hacking web servers. The attempts were spread out over a month, but effectively totaled a day maybe. The author said to have learned a lot of things while doing the research part which accounted for most of his time, though. On NoteHub, he shares some of the relevant details and how he went along doing this.

Continue reading

How to install IIS URL Rewrite Module on Windows Server 2016 & IIS 10

Shares

When you start to play with Windows Server 2016 and IIS 10, you’ll receive an error when you try to install the IIS URL Rewrite Module. The error occurs because the URL Rewrite Module installer contains an invalid version check for the IIS being used. Here is how to install IIS URL Rewrite Module in IIS 10

Continue reading

PowerShell blacklist check script: find an IP address’ blacklist status & reputation

Shares

Here’s a blacklist check script written in PowerShell. You can use this to lookup an IP address in various blacklists (DNSBL, RBL). Such a check is a great indicator for an IP address’ reputation. Basically this PowerShell blacklist checker is a translation of my Bash script to check an IP address blacklist status in Linux.

Continue reading

AppCmd introduction and examples

Shares

AppCmd, in combination with WinRM, is the Windows Server IIS systems administrator’s swiss-army knife for his daily work. AppCmd.exe is a command-line utility to manage IIS 7+ web servers. It exposes all important IIS server management functionality available through a set of intuitive management objects that can be manipulated through the cmd.exe or PowerShell command-line, or through PowerShell scripts. In this post you’ll find more information about AppCmd usage and examples.

Continue reading

Ghost on IIS with HTTPS: Too many redirects, resolved

Shares
Ghost logo

When you use iisnode to host the Node.js blogging software Ghost on your IIS web server, and you set up an SSL certificate for your Ghost website, you may run into too many redirect issues when changing Ghost’s config.js file. This happend to me yesterday, and here is the solution.

Continue reading

XSS Vulnerability in Wordfence 6.1.1 to 6.1.6

Shares

Security researcher Kacper Szurek reported a reflected XSS vulnerability in the current version of Wordfence. The CVSS scoring mechanism rates the severity of this XSS vulnerability as medium. A Wordfence update 6.1.7 is released to address the XSS vulnerability.

Continue reading

WordPress 4.5.2 Security Release

Shares

WordPress 4.5.2 – a security release – is just released tonight. WordPress 4.5.2 fixes a vulnerability through Plupload, the third-party library WordPress uses for uploading files.

Continue reading

ImageMagick Is On Fire –  CVE-2016-3714

Shares

TL;DR: There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.

Continue reading

Get current number of FTP client connections (NonAnonymous) with PowerShell and Get-Counter

Shares

Ever wanted to know the current number of active FTP client connections on your Windows Server FTP Service? You can get this statistic using PowerShell, the Get-Counter cmdlet and the Microsoft FTP Service Current NonAnonymous Users performance counter.

Continue reading

Binary Webshell Through OPcache in PHP 7

Shares

GoSecure wrote up a new PHP exploitation technique using the default OPcache engine from PHP 7. Using this attack vector, it’s possible to bypass certain hardening techniques that disallow the file write access in the web directory. This could be used by an attacker to execute his own malicious code in a hardened environment.

Continue reading

Simple PowerShell introduction for Windows Server administration, automation and scripting

Shares

Windows PowerShell (“PS” for short) is an important tool in Windows Server for administrators. You can use PowerShell for Windows Server administration, software installation, automation, and shell/command-line scripting. Here is a small and simple introduction to Windows PowerShell.

Continue reading

Windows Update error 0xc1420127 and 0xc190010b when upgrading Windows 8.1 to Windows 10

Share

Last weekend I had to update my girlfriends laptop from Windows 8.1 to Windows 10. Some might say, an easy task. Well, it wasn’t. After downloading the Windows 10 update through Windows Update, Windows Update returned errors 0xc1420127 and 0xc190010b (even using the Windows 10 media creation tool), and as always there are many reasons for these errors. In this short post, I’ll provide some possible solutions and tips.

Continue reading

Understand Microsoft Hyper Converged Solution

Shares

This whitepaper is written by Romain Serre and Charbel Nemnom which describes Microsoft Hyper-Converged solution in Windows Server 2016 using Storage Spaces Direct, Hyper-V and network technologies. The second part of this document shows an example of this implementation.

Continue reading

1 2 3 21