After last week's post about CVE-2021-25080, we received another CVE from similar work on the same plugin. In this case, we found multiple XSS vulnerabilities in Contact Entries Plugin: let’s dive into the vulnerability!
CVE-2021-25080 – finding Cross-Site-Scripting vulnerabilities in headers
A year ago I discovered a stored XSS in the Contact Form Entries plugin. It is an interesting case of a Cross-Site Scripting vulnerability in headers.
Leveraging Docker + VSCode to study web vulnerabilities
Have you ever studied Docker? If you are passionate about web hacking, study it! In this post I am going to persuade you that using Docker to study web vulnerabilities is a good thing! If you want to understand more about this post, please follow the Docker Documentation. How do you find vulnerabilities? There are […]
Web Application Hacking – An introduction
When trying to find a methodology for performing a Penetration Test against a Web Application (meaning those that are accessed using a browser to communicate with a web browser), one should keep in mind that Hackers’ activities to find new vulnerabilities always involve a great deal of creativity. It is possible, though, to explore all […]