Web Applications, Web Services, Oracle, MySQL, Linux, SAP R3 are my focus technologies, while my activities are widely spreaded: manual penetration tests, static code analysis, code reviews, consulting, project management
- Hooking Burp Suite in Client Software Communication - 6. July 2017
- PHP: Exploitation with $_REQUEST while validating $_GET - 20. May 2016
- HTTP Side-Channel Attacks with Burp Suite - 25. April 2016
While penetration testing and code reviewing a customer’s web-application I came across an interesting bug I’m going to describe in this article.
The application in question supports third party plugins which often follow their own coding-conventions.
During code review, a Cross-Site scripting vulnerability was detected in one of those plugins:
<?php echo "<a href='index.php?plugin=".$_REQUEST['plugin']."'>Link text</a>"; ?>