Recent Posts

Arabic Font <= 1.2 CSRF Stored XSS

less than 1 minute read

Due to a lack of CSRF mitigation and entity encoding in the output generated by arabic-font.php and /inc/panel.php, it is possible to store and execute scrip...

What’s New in WPXF 1.6.1

3 minute read

This is the first time I have written a blog post regarding WordPress Exploit Framework. I’ve never felt the need to write one yet, but given some of the cha...

WP Live Chat Support <= 7.0.06 Reflected XSS

less than 1 minute read

Due to a lack of CSRF mitigation and entity encoding in wp-live-chat-support.php, it is possible to execute scripts in the context of an admin user by includ...

Super Mario Host CTF Walkthrough

30 minute read

Super Mario Host is an SMB themed CTF created by mr_h4sh. The goal of the CTF is to discover the two hidden flags and to find the passwords of all the charac...

MaxButtons <= 6.18 Reflected XSS

less than 1 minute read

Due to a lack of CSRF mitigation and entity encoding in includes/admin_header.php, it is possible to execute scripts in the context of an admin user by inclu...