BSides Boston 2016 has ended
Saturday, May 21 • 3:00pm - 3:45pm
How To Discover 1352 Wordpress Plugin XSS 0days in One Hour
In a single night, I was able to find about 1400 vulnerabilities in WordPress plugins. Not only that, but they were all a single kind of vulnerability, cross-site scripting (XSS). Using techniques that I have developed, I was able to mass download plugins and scan them for unsanitized outputs from a user. In this talk, I will show how I did it and how I have responsibly notified the community.

Speakers

Larry Cashdollar

Larry Cashdollar has been working in the security field and finding vulnerabilities for over 15 years. With a couple thousand CVEs to his name, he is a known researcher in the field. You can see many of the disclosed vulnerabilities at vapidlabs.com. He is a member of the SIRT at...


Saturday May 21, 2016 3:00pm - 3:45pm
NERD 1 Memorial Dr
  • Room Mann