WordPress 5.0.0 Remote Code Execution

19 Feb 2019 by Simon Scannell

WordPress Remote Code Execution

This blog post details how a combination of a Path Traversal and a Local File Inclusion vulnerability leads to Remote Code Execution in the WordPress core. The vulnerability remained undiscovered in the WordPress core for over 6 years.


CTF Writeup: Complex Drupal POP Chain

29 Jan 2019 by Simon Scannell

Drupal

A recent Capture-The-Flag tournament hosted by Insomni’hack challenged participants to craft an attack payload for Drupal 7. This blog post will demonstrate our solution for a PHP Object Injection with a complex POP gadget chain.


Learnings from WordPress Security Month

15 Jan 2019 by Simon Scannell

Advent

Last year in December, we released one vulnerability a day affecting WordPress core or one of the most popular WordPress plugins, alongside a critical persistent XSS in wordpress.org. This blog post will summarize common mistakes developers make and the overall impact our advent calendar had on the WordPress community and the current state of WordPress security.


What we learned from our Advent Calendar

24 Dec 2016 by Johannes Dahse

Advent

In this year's Advent of PHP Application Vulnerabilities (APAV), we examined 36 critical security issues which were detected in 19 different PHP applications by our code analysis solution RIPS. In our final post, we would like to summarize what we learned during this thrilling advent time. We reveal how the affected vendors reacted to our reports behind the scenes. Was it right to publish all these sensitive issues? What conclusions can we draw about the security state of PHP applications from our findings?


e107 2.1.2: SQL Injection through Object Injection

23 Dec 2016 by Hendrik Buchwald

e107

The 23rd gift in our advent calendar presents security issues in e107, a content management system that has been in development since 2013. Among others, we identified a critical issue that allows any user to update his permissions and to extract sensitive information from the database by exploiting a PHP Object Injection vulnerability.
