Hypertext Markup Language (HTML) injection is a type of injection vulnerability that occurs when a user is able to control an input point such as a search form and is able to inject arbitrary HTML code.. HTML allows web users to create and structure sections, paragraphs, and links using elements, tags, and attributes. However, it’s worth…
Penetration testing is the process of simulating real attacks on a target to access the risk associated with potential security breaches. This type of simulated environment allows the person performing the assessment to not only discover vulnerabilities, but to also exploit them where possible. Penetration tests, also known as pentest are crucial to organizations because…
During an evening of bug hunting, I found a cool issue in Evernote’s WebClipper tool. The results: WebClipper is a browser extension, which allows a user to extract and store webpage contents, videos, images etc.. to an Evernote account. The extension also proves to be quite popular: In this post we will walk through a vulnerability identified,…
In two previous blog posts ( part 1 and part 2), we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of the most common type…
Every time we disclose a Cross Site Scripting (XSS) vulnerability in a WordPress plugin or theme, we always illustrate the issue with a screenshot similar to this one: Users who aren’t familiar with web security often ask us how a JavaScript messagebox may represent a dangerous threat. The answer is simple: not only JS code can do…
This is the first part of a series of stories of compromising companies via blind cross-site scripting. As companies fix the issues and allow me to disclose them, I will post them here. Blind cross-site scripting (XSS) is an often-missed class of XSS which occurs when an XSS payload fires in a browser other than…
DOM XSS stands for Document Object Model-based Cross-site Scripting. A DOM-based XSS attack is possible if the web application writes data to the Document Object Model without proper sanitization. The attacker can manipulate this data to include XSS content on the web page, for example, malicious JavaScript code. The Document Object Model is a convention used…
Froala WYSIWYG HTML Editor is a lightweight WYSIWYG HTML Editor written in JavaScript that enables rich text editing capabilities for web applications. Froala sanitizes the user input in order to prevent cross-site scripting attacks. During a web application penetration test at Compass, I found a DOM-based cross-site scripting (XSS) in the Froala WYSIWYG HTML Editor….
Tech support browser lockers continue to be one of the most common web threats. Not only are they a problem for end users who might end up on the phone with scammers defrauding them of hundreds of dollars, they’ve also caused quite the headache for browser vendors to fix. Browser lockers are only one element…
The FortiGuard Labs team recently discovered a Cross-Site Scripting (XSS) vulnerability in WooCommerce. WooCommerce is an open-source eCommerce platform built on WordPress. According to BuiltWith statistics, WooCommerce is the No. 1 eCommerce platform, owning 22% of global market share in 2018. This XSS vulnerability (CVE-2019-9168) exists in the zoom display of the Photoswipe function, where WooCommerce failed to sterilize an…