WooCommerce 3.6.4 - CSRF Bypass to Stored XSS

5 min read 8 Oct 2019 by Dennis Brinkrolf
WooCommerce is the most popular e-commerce plugin for WordPress with over 5 million installations. A flaw in the way WooCommerce handles imports of products results in a stored cross-site scripting vulnerability (XSS) that can be exploited through cross-site request forgery (CSRF).

TYPO3 9.5.7: Overriding the Database to Execute Code

5 min read 16 Jul 2019 by Robin Peraglie
In this technical blog post we examine a critical vulnerability in the core of the TYPO3 CMS which was detected by our static code analysis tool RIPS (CVE-2019-12747). A reliable exploit allows the execution of arbitrary PHP code on the underlying system as authenticated user.

WordPress 5.1 CSRF to Remote Code Execution

9 min read 13 Mar 2019 by Simon Scannell
Last month we released an authenticated remote code execution (RCE) vulnerability in WordPress 5.0. This blog post reveals another critical exploit chain for WordPress 5.1 that enables an unauthenticated attacker to gain remote code execution on any WordPress installation prior to version 5.1.1 (CVE-2019-9787).

WordPress 5.0.0 Remote Code Execution

15 min read 19 Feb 2019 by Simon Scannell
This blog post details how a combination of a Path Traversal and Local File Inclusion vulnerability lead to Remote Code Execution in the WordPress core (CVE-2019-8943). The vulnerability remained uncovered in the WordPress core for over 6 years.

CTF Writeup: Complex Drupal POP Chain

10 min read 29 Jan 2019 by Simon Scannell
A recent Capture-The-Flag tournament hosted by Insomni’hack challenged participants to craft an attack payload for Drupal 7. This blog post will demonstrate our solution for a PHP Object Injection with a complex POP gadget chain.