Whisper: Host Header Injection/Redirection

whisper.sh is vulnerable to host header injection because the host header can be changed to something outside the target domain ie. whisper.sh and cause it to redirect to to that domain instead see below. Attack vectors are somewhat limited but depends on how the host header is used by the back-e...

WordPress Pingback Vulnerability Serves DDoS attack feature

Accunetix a web application security company reported vulnerabilities found in the Wordpress Pingback feature. According to report, Pingback vulnerability exists in the WordPress blogging platform that could leak information and lead to distributed denial of service DDoS attacks. "WordPress has a...