8 matches found
WordPress 3.8.2 patch analysis HMAC timing attack-vulnerability warning-the black bar safety net
author: [email protected] 0x00 background After going over GitHub again and again for a long time, the official version's diff changes only one place in the PHP code: - if $hmac != $hash + if hashhmac 'md5', $hmac, $key !== hashhmac 'md5', $hash, $key WP developers just...
PHPWind flash xss 0day?
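Brief description: I came across this by chance; a search on WooYun shows it is one that insight-labs submitted, and the vendor replied that it had been fixed, but the fix is incomplete. Details: While testing another website, I found this Flash file and looked at the code: ExternalInterface.callthis.jQuery, "jPlayerFlashEvent", arg0.type, this.extractStatusDataarg0.data; Searching for jquery: this.jQuery = loaderInfo.parameters.jQuery + "'" + loaderInfo.parameters.id + "'.jPlayer";...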
WordPress podPress Plugin XSS in SWF
Exploit Title: WordPress podPress Plugin XSS in SWF Release Date: 28/03/13 Author: hip Insight-Labs Contact: [email protected] | Website: http://insight-labs.org Software Link: http://downloads.wordpress.org/plugin/podpress.8.8.10.17.zip Tested on: XPsp3 Affected version: 8.8.10.13 before Goog...
WordPress podPress 8.8.10.13 Cross Site Scripting
Exploit Title: WordPress podPress Plugin XSS in SWF Release Date: 28/03/13 Author: hip Insight-Labs Contact: [email protected] | Website: http://insight-labs.org Software Link: http://downloads.wordpress.org/plugin/podpress.8.8.10.17.zip Tested on: XPsp3 Affected version: 8.8.10.13 before Goog...
[CVE-2013-1636] Wordpress pretty-link plugin XSS in SWF
Exploit Title: Wordpress pretty-link plugin XSS in SWF Release Date: 20/02/13 Author: hip Insight-Labs Contact: [email protected] | Website: http://insight-labs.org Software Link: http://downloads.wordpress.org/plugin/pretty-link.1.6.3.zip Vendor Homepage: http://prettylinkpro.com/ Tested on:...
OSEC-2013-01: nagios metacharacter filtering omission
Exploit Title: Wordpress pretty-link plugin XSS in SWF Release Date: 20/02/13 Author: hip Insight-Labs Contact: [email protected] | Website: http://insight-labs.org Software Link: http://downloads.wordpress.org/plugin/pretty-link.1.6.3.zip Vendor Homepage: http://prettylinkpro.com/ Tested on:...
[CVE-2013-1464] Wordpress Audio Player Plugin XSS in SWF
Exploit Title: Wordpress Audio Player Plugin XSS in SWF Release Date: 31/01/13 Author: hip Insight-Labs Contact: [email protected] | Website: http://insight-labs.org Software Link: http://downloads.wordpress.org/plugin/audio-player.2.0.4.6.zip Vendor Homepage: http://wpaudioplayer.com/ Tested...
WordPress WP-Table-Reloaded Cross Site Scripting
Exploit Title: Wordpress wp-table-reloaded plugin cross-site scripting in SWF Release Date: 24/01/13 Author: hip Insight-Labs Contact: [email protected] | Website: http://insight-labs.org Software Link: http://downloads.wordpress.org/plugin/wp-table-reloaded.latest-stable.zip Vendor Homepage:...