You don’t need xss.rocks/xss.js

Many newcomers as well as leets focusing on XSS seems to miss out one simple yet powerful thing: data URLs. While finding an XSS, hackers test the vulnerability with some hosted solution like xss.rocks or host their own files. But most of the time, you don’t need a hosted javascript file. You can simply use data URLs. What is data URL Data URLs are a special kind of URL defined with a data scheme.
Read more →

Bypassing WAF in Misconfigured Wordpress

Web Application Firewalls like cloudflare are pretty good at protecting websites by tunneling the traffic through their secure servers. But if the underlying IP address is leaked, such protection is usually bypassed and the attacker can directly target the application. IP Disclosure in WordPress WordPress stores the site url and home url in the database and uses them to serve content or redirect users. But sometimes the website is required to migrate to another domain.
Read more →

Open Redirect in Flattr

Read more →