BSides Boston 2016: How To Discover 1352 Wordpress Plugin XS...

Back To Schedule

How To Discover 1352 Wordpress Plugin XSS 0days in One Hour

In a single night, I was able to find about 1400 vulnerabilities in wordpress plugins. Not only that, but they were all a single kind of vulnerability, cross site scripting (XSS). Using techniques that I have developed, I was able to mass download plugins and scan them for unsanitized outputs from a user. In this talk, I will show how I did it and how I have responsibly notified the community.

Speakers

Larry Cashdollar

Larry Cashdollar has been working in the security field and finding vulnerabilities for over 15 years. With a couple thousand CVEs to his name, he is a known researcher in the field. You can see many of the disclosed vulnerabilities at vapidlabs.com. He is a member of the SIRT at... Read More →

Saturday May 21, 2016 3:00pm - 3:45pm
NERD 1 Memorial Dr

It doesn't fit

Room Mann