Search Go hack yourself with Detectify

A web security blog from Detectify

New security tests, November 15, 2017: Image Resizer Exposure in .NET

November 16, 2017

Another update, another batch of vulnerabilities. We have an interesting mix of new security test this week, including Sitecore, HashiCorp Consul and WordPress vulnerabilities. As always, don’t forget to run a scan to check if you’re vulnerable.

* Image Resizer Exposure in .NET (information finding that affects Sitecore and Episerver, among others)
* Exposure of /.mysql_history
* Exposure of /.pgsql_history
* CVE-2017-14619: phpMyFAQ XSS
* WordPress simple-login-log SQL Injection
* WordPress invite-anyone Object Injection
* WordPress hrm Authenticated SQL Injection
* WordPress userpro Authentication Bypass
* WordPress wp-support-plus-responsive-ticket-system CSRF/RCE
* WordPress qards SSRF
* WordPress wp-all-import XSS
* WordPress buddypress Authenticated Open Redirect
* WordPress caldera-forms Authenticated XSS
* WordPress wp-custom-fields-search XSS
* HasiCorp Consul Exposure

Happy scanning!

The Detectify Team