WordPress 5.0.0 Remote Code Execution

19 Feb 2019 by Simon Scannell

This blog post details how a combination of a Path Traversal and a Local File Inclusion vulnerability leads to Remote Code Execution in the WordPress core. The vulnerability remained undiscovered in the WordPress core for over 6 years.

CTF Writeup: Complex Drupal POP Chain

29 Jan 2019 by Simon Scannell

A recent Capture-The-Flag tournament hosted by Insomni’hack challenged participants to craft an attack payload for Drupal 7. This blog post will demonstrate our solution for a PHP Object Injection with a complex POP gadget chain.

Learnings from WordPress Security Month

15 Jan 2019 by Simon Scannell

Last December we released one vulnerability a day affecting WordPress core or one of the most popular WordPress plugins, alongside a critical persistent XSS in wordpress.org. This blog post summarizes common mistakes developers make, the overall impact our advent calendar had on the WordPress community, and the current state of WordPress security.

WordPress Privilege Escalation through Post Types

17 Dec 2018 by Simon Scannell

A logic flaw in the way WordPress created blog posts allowed attackers to access features only administrators were supposed to have. This led to a Stored XSS and Object Injection in the WordPress core and more severe vulnerabilities in WordPress’s most popular plugins, Contact Form 7 and Jetpack.

phpBB 3.2.3: Phar Deserialization to RCE

20 Nov 2018 by Simon Scannell

A new PHP exploit technique affects the most famous forum software phpBB3. The vulnerability allows attackers who gain access to an administrator account to execute arbitrary PHP code and to take over the entire board.
