Reflected XSS in WordPress Plugin Admin Pages
Antony Garand The administrative dashboard in WordPress is a pretty safe place: Only elevated users can access it. Exploiting a plugin’s admin panel would serve very little…
Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster
John Castro NextScripts: Social Networks Auto-Poster is a plugin that automatically publishes posts from your blog to your Social Media accounts such as Facebook, Twitter, Google+, Blogger,…
Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites
Yesterday, the WordPress plugin File Manager was updated, fixing a critical vulnerability allowing any website visitor to gain complete access to the website. Users of…
Using assert() to Execute Malware in PHP 7 Environments
Krasimir Konov Initially released December 2015, PHP 7 introduced a multitude of performance and security improvements. Approximately 43.7% of websites across the web currently use PHP 7.x,…
Persistent WordPress User Injection
Our team recently stumbled across an interesting example of malicious code used to add an arbitrary user inside WordPress. The following code was detected at…
Magento Multiversion (1.x/2.x) Backdoor
Luke Leal The Magento 1 EOL date has already passed, however it’s evident that a large number of websites will continue to use it for the foreseeable…
COVID-19 Chloroquine Pharmaspam
A recent SiteCheck scan of an organization’s website showed an interesting pharmacy spam injection targeting COVID-19-related pages of websites. The HTML that was flagged by…
CDN-Filestore Credit Card Stealer for Magento
During a website remediation, we recently discovered a new version of a Magento credit card stealer which sends all compromised data to the malicious domain…
Web Crawler & User Agent Blocking Techniques
This is a simple script that allows hackers to block specific crawlers based upon website requests from specific user-agents. This is useful when you don’t…
Smoker Backdoor: Evasion Techniques in Webshell Backdoors
“Smoker Backdoor” is a PHP webshell backdoor that uses hexadecimal and decimal obfuscation in conjunction with the PHP function goto to evade detection from malware…
How SSL Works with a Website Firewall
Art Martori It’s no secret that a secure sockets layer (SSL) encrypts data as it moves between a visitor’s browser and the site host. For many people,…