ClsHack: Computer Security Blog

[WordPress]Released WP-SENTINEL 2.0

Thursday, February 2nd, 2012

Evil socket has released version 2.0 of WP-SENTINEL, a plugin for WordPress that can protect your blog against attacks from crackers, lamers, black hats, h4x0rs, etc. It is also used by some NASA blogs.

Several things have been changed in version 2.0:
(more…)

[XSS]Reflected Cross Site Scripting vulnerability in wordpress 3.3

Tuesday, January 3rd, 2012

New bugs for WordPress: two “Indian Security Experts” have found a Reflected Cross Site Scripting vulnerability in the latest version, WordPress 3.3 :P

The trick is to post the same comment twice ;)
The vulnerability exploits the comment feature of a WordPress blog. The two steps mentioned in the exploit follow.
(more…)

[News]WPScan 1.1 released :)

Friday, November 25th, 2011

WPScan has finally been updated and introduces significant changes ;)
For those who do not know what WPScan is:
WPScan: Another WordPress Security/Vulnerability Scanner


Let's see the changelog:
(more…)

[WordPress]From XSS to Admin {Bypass WPNONCE}

Friday, August 12th, 2011

I have already talked about XSS and its potential, which is completely ignored by idiot admins v.v

WordPress uses a mechanism to protect against CSRF, which complicates life a little for those who do not want to grab cookies but rather change the template or perform other operations.

The famous wpnonce v.v
I am attaching this post:
wpnonce

(more…)

WordPress TimThumb 0day :)

Wednesday, August 10th, 2011

TimThumb is a utility for automatically resizing images that is present in many WordPress themes and elsewhere, and a 0day vulnerability has been found in it that would allow an attacker to upload any file to the blog, including a webshell, which would give full control of the website.

The discovery is attributed to Mark Maunder, CEO of the Seattle-based Feedjit, who issued a statement on Monday, 8 August 2011 explaining that the vulnerability affects about 39 million blogs on the Internet and is due to a programming oversight in TimThumb.
(more…)