Simple Student Result < 1.6.4 - Auth Bypass

Exploit Title: Simple Student Result < 1.6.4 - Auth Bypass Google Dork: inurl:wp-content/plugins/simple-student-result Date: 21-Sep-17 Exploit Author: Benjamin Lim Vendor Homepage: https://ssr.saadamin.com/ Software Link: https://wordpress.org/plugins/simple-student-result/ Version: < 1.6.4 Tested on: Kali Linux 2.0 CVE : To be Updated 1 ...

CVE-2017-14126 Participants Database < 1.7.5.10 - XSS

Exploit Title: Wordpress Plugin Participants Database < 1.7.5.10 - XSS Google Dork: inurl:wp-content/plugins/participants-database/ Date: 01-Sep-17 Exploit Author: Benjamin Lim Vendor Homepage: https://xnau.com/ Software Link: https://wordpress.org/plugins/participants-database/ Version: 1.7.5.9 Tested on: Kali Linux 2.0 CVE : CVE-2017-14126 1. Product ...

OSCP review

Having passed my OSCP exam last week, I thought it would be good for me to share my thoughts with OSCP aspirants out there. A little bit on my background first. I have a bachelors degree in computing specialising in information security and have worked as a network pen tester ...

Enumerate sites hosted on same IP

Enumerating sites which are hosted on the same IP address can sometimes tell us a lot about a server. Is it shared hosting? Is it a legitimate server which was compromised for C2 operations? Does the site owner have any other shady business dealings on the side? I am aware ...

Remote Command Execution on Google Assistant

Recently, Burger King took out a TV advert and used Google voice assistant's "OK google" command to make devices read out a paragraph on the whopper burger. While most news reports take a rather cavalier attitude, treating it as a prank, this is actually remote command execution. The attacker ...

Is DarkTrace working with the NSA?

DarkTrace is "led by leading government cyber intelligence officials from MI5, NSA and the CIA." Hmm... He also seems to have no idea that he has been trolled.