Skip to main content
Ha Ha! Business

Never Say ‘No’ to Direct Database Access

Direct access to databases is usually a privilege of DBAs and not end-users. Nonetheless, end-users have to access DBs in certain situations like generating sales reports, making ad-hoc queries, exporting data into spreadsheets and so on. From the security perspective, this is clearly not ideal, as a typical application was never designed to be utilised this way. Instead of saying ‘no’ to […]

Read More

All your base

Data Exfiltration with XSS

We had an XSS vulnerability, we created a fake login page, we stole the WordPress admin’s credentials, now what? Over the following pages, I am going to walk you through the complete data exfiltration process. We are going to get shell access to the OS, dump the databases and configure the compromised WordPress server as a pivot for launching further attacks.

Read More

XSS Harvest Festival

In the previous post we crafted a Javascript code to exploit a recent XSS vulnerability in Wordpress. It displays a fake Wordpress login page to the administrator, which sends the username and password to the attacker’s host.

In today’s post we are going to learn to capture the submitted credentials on the server side. Secondly we explore a couple of options of hosting our credential harvester application.

Read More