Filter by tag: serendipity

Serendipity 2.0.3: From File Upload to Code Execution

8 min read 7 Dec 2016 by Hendrik Buchwald
Serendipity is an easy to maintain blog engine. There are a lot of plugins that can be used to extend the functionality, this article will focus on its core though. With close to 125,000 lines it is a medium-sized web application. In this post, we will show how attackers can bypass existing security mechanisms which can lead to remote code execution attacks.