March 1st, 2008  | Tags: , ,

‘Mantis is a free popular web-based bugtracking system’ –

I didn’t audit this, I don’t want to audit this, I just found it while using Mantis. There may be more, but this is what I got:

March 1st, 2008  | Tags:

February was a very busy month for me, which makes it a slow month for I did change hosts, but that was about it. Between the XBox 360, and my new iPhone I am lucky I even did any real work. Hopefully March will be a better month for hiredhacker and I will get to do some more research and get some new bugs published. I do have some quick bugs that I will throw up here, both are web apps; Mantis Bug Tracker and dotProject Project Management System.

February 6th, 2008  | Tags: ,

pymsrpc is an attempt to develop a working library for communicating with remote Microsoft RPC endpoints. It includes an IDL parser and NDR data types for making requests.

I wanted to get this up here in case you haven’t heard that Cody Pierce and Aaron Portnoy have released PyMSRPC. I personally have been very excited for this to be released and I will post more information later once I get a chance to play with it. Cody also wrote a great article about NDR Types over on the DVLabs blog.

February 2nd, 2008  | Tags: , , , ,

The WP Contact Form III 1.4.1 WordPress plugin by ‘KristinKWangen’ is vulnerable to multiple cross site scripting attacks.

Note to developers, this does not stop script injection attacks:

From wp-contactform.php line 105:

$_POST['wpcf_your_name'] = stripslashes(trim($_POST['wpcf_your_name']));

Also note that this is not a very good way to die:

From buttonsnap.php line 28:

$selection = isset($_POST['selection']) ? $_POST['selection'] : @$_GET['selection'];
$selection = apply_filters($dispatch, $selection);
February 2nd, 2008  | Tags:

Ronald has started a router hacking challenge over on It’s an interesting topic, and something I have explored in the past with good results. Take a look and send him your findings.

Page 5 of 9« First...34567...Last »