Sign up to save your podcasts
Or
Share Episode 55: Popping WordPress Plugins - Methodology Braindump
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 55: Popping WordPress Plugins - Methodology Braindump
Episode 55: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Wordpress Security Researcher Ram Gall to discuss both functionality and vulnerabilities within Wordpress Plugins.
Follow us on twitter
Send us any feedback here:
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
------ Ways to Support CTBBPodcast ------
WordFence - Sign up as a researcher! https://ctbb.show/wf
---
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Hop on the CTBB Discord
We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Guest:
Ramuel Gall
UpdraftPlus Vuln
XML-RPC PingBack
Unicode and Character Sets
Reflected XSS
POP Chain
WordpressPluginDirectory
Subscriber+ RCE in Elementor
Subscriber+ SSRF
Unauthed XSS via User-Agent header
Timestamps:
(00:00:00) Introduction
(00:05:55) Add_action & Nonces
(00:26:16) Add_filter & Register_rest_routes
(00:38:39) Page-related code & Shortcodes
(00:50:24) Top Sinks for WP
(01:02:19) Echo & SQLI Sinks
(01:15:07) Nonce Leak and wp_handle_upload
(01:18:16) Page variables & Pop Chains
(01:26:55) WP Escalations & Bug Reports
View all episodes
By Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
5
4545 ratings
Episode 55: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Wordpress Security Researcher Ram Gall to discuss both functionality and vulnerabilities within Wordpress Plugins.
Follow us on twitter
Send us any feedback here:
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
------ Ways to Support CTBBPodcast ------
WordFence - Sign up as a researcher! https://ctbb.show/wf
---
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Hop on the CTBB Discord
We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Guest:
Ramuel Gall
UpdraftPlus Vuln
XML-RPC PingBack
Unicode and Character Sets
Reflected XSS
POP Chain
WordpressPluginDirectory
Subscriber+ RCE in Elementor
Subscriber+ SSRF
Unauthed XSS via User-Agent header
Timestamps:
(00:00:00) Introduction
(00:05:55) Add_action & Nonces
(00:26:16) Add_filter & Register_rest_routes
(00:38:39) Page-related code & Shortcodes
(00:50:24) Top Sinks for WP
(01:02:19) Echo & SQLI Sinks
(01:15:07) Nonce Leak and wp_handle_upload
(01:18:16) Page variables & Pop Chains
(01:26:55) WP Escalations & Bug Reports
More shows like Critical Thinking - Bug Bounty Podcast
View all
Risky Business
363 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
633 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
371 Listeners
Hacked
175 Listeners
CyberWire Daily
1,009 Listeners
Smashing Security
313 Listeners
Click Here
385 Listeners
Malicious Life
926 Listeners
Darknet Diaries
7,830 Listeners
Cybersecurity Today
141 Listeners
CISO Series Podcast
187 Listeners
Hacking Humans
308 Listeners
Cyber Security Headlines
120 Listeners
Bug Bounty Reports Discussed
4 Listeners
Risky Bulletin
33 Listeners