Introduction I find that doing bug hunting and responsible disclosure is a nice practical way to “learn by doing” for beginners and for practicing your recon and exploit skills while helping companies…
Category: Blog
Misusing BeyondTrust Remote Support Leads To Data Exposure
BeyondTrust (former Bomgar) is a security firm, offering access management solutions to a large number of companies, “including half of the Fortune 100”. Their products range from password management to…
Hacking WordPress Plugins Part 2 - Open Redirect [CVE-2021-24288]
AcyMailing is a newsletter subscription WordPress plugin with more than 30.000 total downloads and more than 5.000 active installations. The plugin versions prior to 7.5.0 are vulnerable to an open…
Hacking WordPress Plugins - Authenticated Shell Upload [CVE-2021-24347]
SP Project & Document Manager is a WordPress plugin developed by Smarty Pants, with over 301.000 downloads and over 7.000 installations, according to their website. It is a file management…