XSS Archives

WordPress advisory: Akal premium theme XSS vulnerability

This post describes the Akal premium WordPress theme XSS vulnerability that I discovered. The theme suffers from a reflected Cross Site Scripting (XSS) vulnerability that would allow an attacker to steal an admin's cookie, if WordPress wasn't secured against that type of attacks.

By Jan Reilink 22/08/2016Web application security

Web application security

prettyPhoto DOM based XSS

prettyPhoto DOM based XSS on Saotn.org... This evening, after tweeting about preventing cross site scripting vulnerabilities, I received a reply from Olivier Beg. His reply to my tweet contained an image, as you can see above. He alerted me that Saotn.org was vulnerable to a DOM based XSS vulnerability, hidden in prettyPhoto used by my WordPress theme. Whoops! So, I had work to do! But, what is prettyPhoto and what exactly is a DOM based XSS?

By Jan Reilink 04/05/2014Web application security

Web application security

7 Snippets to use .htaccess as a Web Application Firewall

Here are 7 .htaccess snippets for you to secure your website, by using .htaccess as a kWeb Application Firewall (WAF). You can use this information to block exploits and rogue HTTP requests on your website.

By Jan Reilink 03/08/2011Web application security

XSS

WordPress advisory: Akal premium theme XSS vulnerability

prettyPhoto DOM based XSS

7 Snippets to use .htaccess as a Web Application Firewall

Windows Server

Web applications

PowerShell