Direct access to databases is usually a privilege of DBAs and not end-users. Nonetheless, end-users have to access DBs in certain situations like generating sales reports, making ad-hoc queries, exporting data into spreadsheets and so on. From the security perspective, this is clearly not ideal, as a typical application was never designed to be utilised this way. Instead of saying ‘no’ to […]
Suit Up and Protect WordPress
In the final part of the series, I am going to show a few practical tips and tricks for protecting your WordPress blog. We have seen earlier how a simple XSS vulnerability can lead to the total compromise of the hosting environment. We not only managed to deploy a backdoor, dump all data from the databases and retrieve each file from […]
Data Exfiltration with XSS
We had an XSS vulnerability, we created a fake login page, we stole the WordPress admin’s credentials, now what? Over the following pages, I am going to walk you through the complete data exfiltration process. We are going to get shell access to the OS, dump the databases and configure the compromised WordPress server as a pivot for launching further attacks.
XSS Harvest Festival
In today’s post we are going to learn to capture the submitted credentials on the server side. Secondly we explore a couple of options of hosting our credential harvester application.
There are many misconceptions around the potential effects cross-site scripting (XSS). The usual pop-up alert(1) window is failing to demonstrate the potential consequences of XSS to non-security people. See a walk-through process of exfiltrating data from a Wordpress site by exploiting a XSS vulnerability.