Articles

Reflected XSS in LearnDash WordPress Plugin

While performing a security audit on one of our clients’ websites, I discovered a reflected cross-site scripting (XSS) vulnerability in the WordPress LMS plugin by LearnDash. All WordPress websites using LearnDash version 3.0.0 through 3.1.1 are...

Prevent WordPress Username Enumeration

One of the first things you do when auditing a WordPress website is checking for ways to enumerate the admin username. In cases where the admin username is revealed, it’s pretty common to see the WordPress login page taking a large number of...

How I got access to 16,000 customer transaction details

This time around, it is not a price manipulation vulnerability like in the last story, rather it is a combination of some low-risk vulnerabilities that paved the way to what could have been a data breach worthy of making the front page. Client...

How I hacked my client to save 75 USD on shipping charges

As an Information Security Analyst at Astra, I get to deal with reputed clients from all parts of the world. It is my daily job to test their web applications and do an assessment on every little corner of the website which is something we can’t yet...