Warning: opendir(/var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/sh/3.0.83.2/scripts/): failed to open dir: No such file or directory in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 26

Warning: Invalid argument supplied for foreach() in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 170
Skip to content

SSCHADV2013-005 - WordPress Plugin 'Types 1.2.1.1' Cross-Site Request Forgery & Stored Cross-site scripting vulnerability

Advisory:
WordPress Plugin ‘Types 1.2.1.1’ Cross-Site Request Forgery
& Stored Cross-site scripting vulnerability
Advisory ID:
SSCHADV2013-005
Author:
Stefan Schurtz
Affected Software:
Successfully tested on Types 1.2.1.1
Vendor URL:
Vendor Status:
fixed
CVE-ID:
CVE-2013-2768
 
======================
Vulnerability Description
======================
 
The parameter ‘skypename’ of the WordPress plugin Types 1.2.1.1 is prone to a CSRF and stored XSS vulnerability
 
Continue reading "SSCHADV2013-005 - WordPress Plugin 'Types 1.2.1.1' Cross-Site Request Forgery & Stored Cross-site scripting vulnerability"

Shame on me ;-)

I totally forget to publish my Security Advisory about some Cross-Site Request Forgery & Cross-site Scripting vulnerabilities on http://t-online.de. So I published it today.
 
And here is the link to the advisory SSCHADV2012-099 and here are some pictures about the XSS by html file (1, 2), txt file (1, 2, 3) and two videos about the CSRF vulnerabilities :)
 
Continue reading "Shame on me ;-)"

SSCHADV2012-099 - t-online.de eMail Center - Cross-Site Request Forgery & Cross-site Scripting vulnerabilities

Advisory:
t-online.de eMail Center – Cross-Site Request Forgery  & XSS vulnerabilities
Advisory ID:
SSCHADV2012-099
Author:
Stefan Schurtz
Affected Software:
Successfully tested on email.t-online.de
Vendor URL:
Vendor Status:
fixed
 
======================
Vulnerability Description
======================
 
http://email.t-online.de is prone to multiple CSRF and XSS vulnerabilities
 
Continue reading "SSCHADV2012-099 - t-online.de eMail Center - Cross-Site Request Forgery & Cross-site Scripting vulnerabilities"

My new article on heise Security

Here is my newest article, published on heise Security.
 
This time it’s about the Web-Security tool "CSRFTester" from The Open Web Application Security Project (OWASP). It’s a short overview how to use the CSRFTester to identify "Cross Site Request Forgery" vulnerabilites in web applications.
 
Here is the link to the article: http://heise.de/-1735223
 
Enjoy yourself!
Imprint | Contact | Privacy Statement

Warning: opendir(/var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/sh/3.0.83.2/scripts/): failed to open dir: No such file or directory in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 26

Warning: Invalid argument supplied for foreach() in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 170