After installing the WordPress plugin “WP-DB-Backup”, found at http://wordpress.org/plugins/wp-db-backup/, I noticed some insecure-looking practices in how it stores the backups it creates. At the time of this writing there are just over two million downloads of this plugin and it has a rating of 3.8/5 stars. The reason I’m posting this, however, is that it has some interesting security issues I’d like to share.
Checking for a WP-DB-Backup Install
You can find out whether a site is running this plugin by probing for the existence of certain files in its /wp-content/plugins/wp-db-backup/ folder: a file that is present answers with something other than a 404, so a handful of requests is enough.
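The probe described above, as an added example (this is not code from the original post). The file names in CANDIDATE_FILES are assumptions about what the plugin directory ships and should be checked against a downloaded copy of the plugin; the control request guards against hosts that answer 200 for every path, which would otherwise look like a hit.

```python
"""Check whether a WordPress site has the WP-DB-Backup plugin installed by
probing its plugin directory.

Added example (not code from the original post). The file names listed in
CANDIDATE_FILES are assumptions about what the plugin directory ships; verify
them against a downloaded copy of the plugin before relying on them.
"""
from typing import Callable, Dict, Iterable
from urllib.parse import urljoin
import urllib.error
import urllib.request

PLUGIN_DIR = "wp-content/plugins/wp-db-backup/"

# Assumed file names inside the plugin directory.
CANDIDATE_FILES = ("wp-db-backup.php", "readme.txt")

# A name that should never exist; used to detect "soft 404" hosts that answer
# 200 for every path, which would otherwise produce a false positive.
CONTROL_FILE = "zz-control-file-that-should-not-exist.txt"


def http_status(url: str, timeout: float = 5.0) -> int:
    """HEAD the URL and return the HTTP status code (0 on network error)."""
    req = urllib.request.Request(url, method="HEAD",
                                 headers={"User-Agent": "wp-db-backup-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code          # 404, 403, 500 ... are all informative
    except (urllib.error.URLError, OSError):
        return 0


def probe_plugin(base_url: str,
                 fetch: Callable[[str], int] = http_status,
                 files: Iterable[str] = CANDIDATE_FILES) -> Dict[str, int]:
    """Return {file name: status code} for each candidate plus the control."""
    base = base_url.rstrip("/") + "/" + PLUGIN_DIR
    names = list(files) + [CONTROL_FILE]
    return {name: fetch(urljoin(base, name)) for name in names}


def verdict(results: Dict[str, int]) -> str:
    """Classify probe results as 'present', 'absent' or 'inconclusive'.

    A file counts as present when the server answers anything other than 404
    (a directly requested plugin PHP file often yields 200 or 500; a 403 means
    the path exists but is protected). If the control path is not a 404 the
    host answers for everything and nothing can be concluded.
    """
    control = results.get(CONTROL_FILE, 0)
    if control != 404:
        return "inconclusive"
    hits = [n for n, code in results.items()
            if n != CONTROL_FILE and code not in (0, 404)]
    return "present" if hits else "absent"


def detect(base_url: str, fetch: Callable[[str], int] = http_status) -> str:
    """One-call wrapper: probe the site and return the verdict."""
    return verdict(probe_plugin(base_url, fetch))


# Constructed sample: a fake host so the script runs offline.
FAKE_SITE = {
    "https://example.test/wp-content/plugins/wp-db-backup/wp-db-backup.php": 500,
    "https://example.test/wp-content/plugins/wp-db-backup/readme.txt": 200,
}


def fake_fetch(url: str) -> int:
    """Stand-in for http_status that answers from the constructed sample."""
    return FAKE_SITE.get(url, 404)


if __name__ == "__main__":
    for name, code in probe_plugin("https://example.test", fake_fetch).items():
        print(f"{code:>3}  {name}")
    print("verdict:", detect("https://example.test", fake_fetch))
```

Against a real host, call detect("https://target.example") with the default fetch. Only probe sites you are authorised to test; the requests are few but they are logged like any other.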
I thought I’d write a post about my experience with eBay’s security submission team, and also to keep an archive of my various bug submissions.
The vulnerability was reflected XSS due to improper sanitization of the user-supplied itemId parameter in eBay mobile. I found it manually by tampering with inputs and watching the output.
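To show what that class of bug looks like, here is an added example (illustrative code written for this page, not eBay’s): an itemId-style parameter reflected raw into HTML, the same output with encoding applied, an allow-list version, and the tamper-and-watch check that exposes the difference. The URL and markup are constructed; only the parameter name comes from the post.

```python
"""Reflected XSS through an itemId-style query parameter: the vulnerable
reflection beside two fixes, plus the kind of tamper-and-watch check used to
find it.

Added example, written for this page; it is illustrative and not eBay's code.
"""
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample URL; only the itemId parameter name comes from the post.
SAMPLE_URL = "https://example.test/item?itemId=123456"


def item_id_from_url(url: str) -> str:
    """Pull the itemId query parameter out of a URL (empty string if absent)."""
    return parse_qs(urlsplit(url).query).get("itemId", [""])[0]


def render_vulnerable(item_id: str) -> str:
    """Reflects the raw parameter into the page: markup in it becomes live HTML."""
    return f'<p>Item <span id="item">{item_id}</span> was not found.</p>'


def render_escaped(item_id: str) -> str:
    """Fix 1: HTML-encode at the point of output. quote=True also encodes
    quotes, so the same helper is safe inside a double-quoted attribute."""
    safe = html.escape(item_id, quote=True)
    return f'<p>Item <span id="item">{safe}</span> was not found.</p>'


ITEM_ID_RE = re.compile(r"[0-9]{1,20}")


def render_validated(item_id: str) -> str:
    """Fix 2: allow-list the input. An item id is a number; anything else is
    rejected and never reaches the template. Output encoding is still applied,
    because validation alone says nothing about the output context."""
    if not ITEM_ID_RE.fullmatch(item_id):
        return "<p>Invalid item id.</p>"
    return render_escaped(item_id)


# The probe: a marker carrying the characters needed to break out of text and
# attribute contexts. If it comes back verbatim, the parameter is reflected
# without encoding and the page is worth a closer look.
PROBE = 'xss7<">\'probe'


def reflected_unescaped(render, probe: str = PROBE) -> bool:
    """Tamper with the input and watch whether the output reflects it raw."""
    return probe in render(probe)


if __name__ == "__main__":
    for name, fn in [("vulnerable", render_vulnerable),
                     ("escaped", render_escaped),
                     ("validated", render_validated)]:
        print(f"{name:10s} reflects raw probe: {reflected_unescaped(fn)}")
    print(render_validated(item_id_from_url(SAMPLE_URL)))
```

The probe deliberately avoids a working payload: a verbatim reflection of `<`, `>`, quotes and an apostrophe is already proof that the parameter is not encoded for the HTML context, which is the finding; turning it into a proof of concept is a separate step that depends on where exactly in the page the value lands.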