WordPress basic auditing

WordPress readme:
target/readme.html

WordPress license (discloses the WordPress version):
target/license.txt

WordPress sample config:
target/wp-config-sample.php

WordPress installation script:
target/wp-admin/install.php

WordPress upgrade script:
target/wp-admin/upgrade.php

WordPress setup config:
target/wp-admin/setup-config.php

WordPress REST API useful paths:
target/wp-json/wp/v2/users – enumerate users
target/wp-json/wp/v2/posts – enumerate posts
target/wp-json – API root (lists the exposed namespaces and routes)

Script to enumerate users through the blog's author pages (the original used typographic quotes and never passed the loop counter to the request; both are fixed here, and ?author=$i is the author-archive lookup the loop was written for):
for i in {1..30}; do
  # each author ID either redirects (Location: .../author/<login>/) or renders a page whose link title carries the login
  curl -s -L -i "http://target/?author=$i" \
    | grep -E -o '" title="View all posts by [a-zA-Z0-9.-]+|Location:.*' \
    | sed 's/\// /g' | cut -f 6 -d ' ' | grep -v '^$'
done

WordPress plugin readme or license:
target/wp-content/plugins/<plugin-name>/readme.txt or /license.txt

WordPress theme readme, changelog or license:
target/wp-content/themes/<theme-name>/readme.txt, /changelog.txt or /license.txt

How I was able to create Unauthorized Comments on Facebook Live Stream

Back in October 2018, I discovered a vulnerability on Facebook that allowed me to create unauthorized comments on the live streams of people who aren't my friends and don't allow non-friends to comment on their posts.

For this vulnerability, the Facebook Security Team awarded me a bounty of $750, which was the first bounty I ever received.