Tag: xss vulnerabilities

how to prevent security breaches

This Week in Exploits: What Are XSS Vulnerabilities? Part 2

In last week’s “episode” of ‘This Week in Exploits’, we talked about Cross-Site Scripting (XSS) and specifically reflective XSS vulnerabilities, the most common type of XSS flaw. We now know roughly what a XSS attack is, and some of what a reflected XSS attack does, but why do XSS attacks exist? How can they be used?

 

Read More

XSS vulnerability - cross-site scripting

What Is An XSS Vulnerability? Part One

In the world of websites, hackers have a variety of tools to intrude on people’s domains. These hacks, which take advantage of vulnerabilities in a site’s code, are categorized by projects like the OWASP Top Ten.

According to the OWASP assessment, the top three most common attacks are:

  • Injection
  • Weak Authentication and Session Management
  • Cross-Site Scripting (XSS)

 

As new vulnerabilities are discovered, we still can see that a large portion of these vulnerabilities are XSS-related vectors.

Read More

XSS vulnerability - cross-site scripting

The WordPress Genericons XSS Vulnerability

Earlier this week a security researcher reported a cross site scripting vulnerability, also known as an XSS vulnerability, in the WordPress icon package, Genericons.  Genericons is an icon package that was used with the default-installed WordPress theme, Twenty Fifteen.   Genericons included an HTML file, named example.html, which actually had the cross site scripting flaw.

About The Genericons XSS Vulnerablity

The XSS vulnerability was DOM, or document object model, based meaning it could potentially control how the browser handles a requested page. The victim would have to be coaxed into clicking a malicious link, reducing severity, though the exploit remains widely deployed all the same.

Read More

XSS vulnerability - cross-site scripting

The WordPress 4.2 XSS Vulnerability

Recently, a security researcher released a zero-day stored XSS vulnerability in WordPress, meaning it was previously undisclosed and, at the time, unpatched. The vulnerability affected the latest versions of WordPress at release, including 4.2.

How Can The XSS Vulnerability Be Exploited?

The xss vulnerability involves how WordPress stores comments in its MySQL database. Comments are stored as text and the size of that text is limited to 64 kilobytes, or 64,000 characters. Given a previously approved comment, an attacker could create a malformed comment using approved HTML tags and tack on 64 kb of any character (perl -e ‘print “a” x 64000’). The 64 kb of junk is truncated and what’s left is a malicious comment in the database which will run whenever it’s viewed. And what can run is up to the attacker – creating backdoors, stealing credentials, malicious redirects and more.

Important Information For WordPress Users

Read More

XSS vulnerability - cross-site scripting

XSS Vulnerability Found In WP Super Cache Plugin

A cross-site scripting (XSS) vulnerability was recently revealed in the WordPress caching plugin, WP Super Cache.

What Does The WP Super Cache Plugin Do?

WP Super Cache converts dynamic WordPress pages into static HTML.  This creates pages that are quicker to serve to visitors than a database-generated page. Great for high traffic sites, WP Super Cache’s popularity has garnered over a million downloads.

Read More

Powered by WordPress & Theme by Anders Norén