Tag Archives for " XSS "

WordPress advisory: Akal premium theme XSS vulnerability & abandonded

22 August 2016
/ WordPress
/ By Jan Reilink
/ 3 COMMENTS
/

Over the course of one week I had the opportunity to audit two hacked WordPress websites. I could quickly discover two vulnerabilities: a Cross Site Scripting, or XSS, in a premium WordPress theme Akal, and a Denial-of-Service in an undisclosed newsletter plugin. This post describes the Akal premium WordPress theme XSS vulnerability.

XSS Vulnerability in Wordfence 6.1.1 to 6.1.6

11 May 2016
/ Security
/ By Jan Reilink
/

Security researcher Kacper Szurek reported a reflected XSS vulnerability in the current version of Wordfence. The CVSS scoring mechanism rates the severity of this XSS vulnerability as medium. A Wordfence update 6.1.7 is released to address the XSS vulnerability.

WordPress 4.5.2 Security Release

6 May 2016
/ Security
/ By Jan Reilink
/

WordPress 4.5.2 – a security release – is just released tonight. WordPress 4.5.2 fixes a vulnerability through Plupload, the third-party library WordPress uses for uploading files.

Security Advisory: Stored XSS in Magento

27 January 2016
/ Security
/ By Jan Reilink
/

Sucuri reports an stored cross site scripting (XSS) vulnerability in Magento CE <1.9.2.3 and Magento EE <1.14.2.3. This vulnerability affects almost every install of these versions, time to upgrade your Magento webshop!

10% WordPress plugins in top ~1000 is vulnerable, a PHP static code analysis shows

23 November 2015
/ Security
/ By Jan Reilink
/

Marcin Probola conducted a PHP static code analysis of the top ~1000 WordPress plugins, and the results showed 103 plugins were vulnerable to at least one vulnerability type (XSS, SQL injection). This is roughly 10 percent! Marcin Probola writes that scanning results were manually verified in his spare time and delivered to official plugins@wordpress.org from 04.07.2015 to 31.08.2015. Most of reported plugins are already patched, some are not. Vulnerable and not patched plugins are already removed from official wordpress plugin repository.

High-risk vulnerabilities in TheCartPress leaves WordPress sites at risk

30 April 2015
/ Security
/ By Jan Reilink
/

TheCartPress eCommerce Shopping Cart – a popular WordPress e-commerce plugin that is actively used on over 5,000 websites – contains high-risk vulnerabilities that can be exploited to compromise customers’ data, execute arbitrary PHP code, and perform Cross-Site Scripting attacks against users of WordPress installations, claim High-Tech Bridge researchers. Users are advised to disable or remove the plugin.

XSS Vulnerability Affecting Multiple WordPress Plugins

20 April 2015
/ Security
/ By Jan Reilink
/

Where the Vevida Optimizer WordPress plugin kept plugins on all my WordPress sites up-to-date: Sucuri reports that multiple WordPress plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress. If you haven’t configured automatic updates for WordPress plugins, please update NOW!

prettyPhoto DOM based XSS

4 May 2014
/ Security
/ By Jan Reilink
/ 1 COMMENT
/

prettyPhoto DOM based XSS on Saotn.org… This evening, after tweeting about preventing cross site scripting vulnerabilities, I received a reply from Olivier Beg. His reply to my tweet contained an image, as you can see above. He alerted me that Saotn.org was vulnerable to a DOM based XSS vulnerability, hidden in prettyPhoto used by my WordPress theme. Whoops! So, I had work to do! But, what is prettyPhoto and what exactly is a DOM based XSS?

Asp.Net Application Security

31 May 2013
/ Security
/ By Jan Reilink
/

Finbar Ryan writes in his blog post Asp.Net Application Security: “I was recently helping a colleague with a customer who was running a security check against their IIS Server on Windows Server 2008. The security tool they used highlighted that the server was running Asp.Net and might be vulnerable to cross-site scripting attacks. The Asp.Net engine does validate every request that comes in. We do however recommend that you still ensure your application is not susceptible to the scripting attacks that are out there…

WhatWorks in AppSec: ASP.NET Defend Against Cross-Site Scripting Using The HTML Encode Shortcuts

30 May 2013
/ Security
/ By Jan Reilink
/

Defend Against Cross-Site Scripting Using The HTML Encode Shortcuts. The .NET 4.0 & 4.5 frameworks introduced new syntax shortcuts to HTML encode dynamic content being rendered to the browser. These shortcuts provide an easy way to protect against Cross-Site Scripting (XSS) attacks in the newer versions of the .NET framework.

7 Snippets to use .htaccess as a Web Application Firewall

3 August 2011
/ Windows Server
/ By Jan Reilink
/ 2 COMMENTS
/

.htaccess to secure your website

In this post I provide you with 7 .htaccess snippets to secure your website, by letting .htaccess act as a kind of Web Application Firewall (WAF). You can use this information to block out exploit- and rogue HTTP requests on your website.