Exploit

CVE-2019-0708 - BLUEKEEP (RDP)

Vulnerability Overview RDP Connection Sequence Analysis of RDP Service Vulnerability Windows Kernel Debugging Note: Please check the above two links to understand how the RDP connection sequence works and the vulnerability that exists in the Microsoft Windows RDP kernel driver - termdd.sys (MS_T120). My approach: I am n00bs in kernel exploitati...

WINDOWS INSTALLER BYPASS USING ROLLBACK SCRIPT (RBS AND RBF) - RACE CONDITION

Exploit: https://github.com/SandboxEscaper/polarbearrepo/tree/master/InstallerBypass Windows Installer: Windows Installer accomplishes rollback by creating a rollback script. A rollback script is a file that contains a linear sequence of operations to perform, such as file and registry updates, configuration information updates, user interface notifications, and state information for other oper...

WP STATISTICS PLUGIN SQL INJECTION VULNERABILITY

Requirements: WP-Statistics plugin version <= 12.0.7; least-permission account: Subscriber account (with post edit permission). Why is it easy to exploit? This vulnerability is caused by the lack of sanitization of user-provided data. An attacker with at least a subscriber account could leak sensitive data and under the right circumstances/configurations compromise your WordPress in...

WAF RULE TO PREVENT 0-DAY ATTACKS IN WORDPRESS

(CVE-2017-8295) WordPress <= 4.7.4 - Unauthorized Password Reset Vulnerability. By default, WordPress uses untrusted data to create the password reset link, which is supposed to be delivered only to the email address associated with the owner’s account. If the From email header is not present, WordPress will use the server one. // check wp-includes/pluggable.php if ( !isset( $from_...