You are here: Saotn.org » XSS

XSS

WordPress advisory: Akal premium theme XSS vulnerability

Over the course of one week I had the opportunity to audit two hacked WordPress websites. I could quickly discover two vulnerabilities: a Cross Site Scripting, or XSS, in a premium WordPress theme Akal, and a Denial-of-Service in an undisclosed newsletter plugin. This post describes the Akal premium WordPress theme XSS vulnerability.

Read More »WordPress advisory: Akal premium theme XSS vulnerability

prettyPhoto DOM based XSS

prettyPhoto DOM based XSS on Saotn.org… This evening, after tweeting about preventing cross site scripting vulnerabilities, I received a reply from Olivier Beg. His reply to my tweet contained an image, as you can see above. He alerted me that Saotn.org was vulnerable to a DOM based XSS vulnerability, hidden in prettyPhoto used by my WordPress theme. Whoops! So, I had work to do! But, what is prettyPhoto and what exactly is a DOM based XSS?

Read More »prettyPhoto DOM based XSS