Channel: Paths of an uncon(s)cious mind

Few safety tips to all WordPress plugin writers (from attacker's perspective)

For all of you worried plugin writers that stumbled upon this site searching for some 'how-to's for defending against SQL/XSS/... attacks, here is a small compact list with tips how to write more...


Homage #2

This is my favorite (de)motivational poster by far (ever). I would say it has a (pure sociology combined with behavioral psychology) educational message :)


WordPress Tune Library plugin

# Exploit Title: WordPress Tune Library plugin <= 2.17 SQL Injection Vulnerability
# Date: 2011-09-10
# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
# Software Link:...


"# note: magic_quotes has to be turned off"

Bad security practice or just act out of irritation due to unwanted forced backslashing inside request parameter values, lots of WordPress admins turn off magic quotes feature inside their...


WordPress WP Forum Server plugin

# Exploit Title: WordPress WP Forum Server plugin <= 1.7 SQL Injection Vulnerability
# Date: 2011-09-07
# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
# Software Link:...



sqlmap vs time-based SQL injection(s)

For all of you who wondered how to exploit time-based SQLi vulnerabilities here you'll find a short presentation using sqlmap. This is also dedicated to all people around that think that time-based...


WordPress WP e-Commerce plugin

# Exploit Title: WordPress WP e-Commerce plugin <= 3.8.6 SQL Injection Vulnerability
# Date: 2011-09-13
# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
# Software Link:...


Best damn quick tips for a total SQL injection newbie (period)

What follows are the best guidance tips I could think of for quick training of a total beginner (newbie) into "The World of SQL Injection": 1) Learn by reading everything you can conceive about SQL...


WordPress Count per Day plugin

This is a story of a "dirty" play. I don't care if someone doesn't credit me inside Changelog, but silently fixing the bug inside already rolled out original v2.17 (they could just name it v2.18 like...


It all starts with the ' (SQL injection from attacker's point of view)

You can find slides for my upcoming FSec 2011 talk "It all starts with the ' (SQL injection from attacker's point of view)" here: p.s. there would be more slides but the presentation time is only 30...


WordPress Link Library plugin

# Exploit Title: WordPress Link Library plugin <= 5.2.1 SQL Injection Vulnerability
# Date: 2011-09-16
# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
# Software Link:...


WordPress AdRotate plugin

# Exploit Title: WordPress AdRotate plugin <= 3.6.5 SQL Injection Vulnerability
# Date: 2011-09-22
# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
# Software Link:...


WordPress Mingle Forum plugin

# Exploit Title: WordPress Mingle Forum plugin <= 1.0.31 SQL Injection Vulnerability
# Date: 2011-09-19
# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
# Software Link:...



WordPress WP Bannerize plugin

# Exploit Title: WordPress WP Bannerize plugin <= 2.8.7 SQL Injection Vulnerability
# Date: 2011-09-22
# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
# Software Link:...


XSS Illustrated (for masses)

Disclaimer: I am strongly against this kind of routine (I am only admitting persistent XSS as a real security threat), but it seems that it's popular among the "security" related people. To make things...


KillApachePy (CVE-2011-3192)

If you are following security trends then you've probably heard about the DoS attack against major number of Apache versions by usage of specially crafted Range header (CVE-2011-3192). Based on the...


WordPress GD Star Rating plugin

# Exploit Title: WordPress GD Star Rating plugin <= 1.9.10 SQL Injection Vulnerability
# Date: 2011-09-26
# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
# Software Link:...


Damn Small XSS Scanner (DSXS)

Damn Small XSS Scanner (DSXS) is a fully functional XSS scanner (supporting GET and POST parameters) written in under 100 lines of code. As of optional settings it supports HTTP proxy together with HTTP...


WordPress AdRotate plugin

# Exploit Title: WordPress AdRotate plugin <= 3.6.6 SQL Injection Vulnerability
# Date: 2011-11-8
# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
# Software Link:...


DNS exfiltration using sqlmap

You can find slides (together with link to video presentation) for my talk "DNS exfiltration using sqlmap" held at PHDays 2012 conference (Russia / Moscow 30th–31st May 2012) here:
