Baraktawily.blogspot.com Website Review

According to wordpress.com, the WordPress platform powers 29% of the worldwide internet websites. In this article I am going to explain how Denial of Service can easily be caused to almost any WordPress website online, and how you can patch your WordPress website in order to avoid this vulnerability being exploited. It is important to note that exploiting this vulnerability is illegal, unless you have permission from the website owner. While browsing a WordPress website, my attention was drawn to the following URL: module jQuery UI Core that was requested, as demonstrated in the following image: In this blog post I will give a short example of exploiting CSRF vulnerability on Geminabox. In order to exploit the CSRF vulnerability I wrote really small tool called csrFile, which allows you to generate HTML that uploads any type of file to the supplied endpoint, you can check it out in the following link: So using the following command, you can easily create an HTML docu*ent that exploits the CSRF attack and uploads malicious gem file to the Then in case the victim will browse to the attacker's link that contains the HTML generated from csrFile, his browser will automatically will upload the attacker's malicious gem to geminabox system. Note: it is possible to exploit persistent XSS attack (CVE-2017-14506) in that way as well. While we are on Facebook, we are often share links to external sources, like Youtu*e, Google Drive, Instagram, or any other websites. Many people think that Facebook links are quite reliable, but are they? Facebook users can send those links via post or privately over Messenger, as you can see on the following images: In this short blogpost I will give a short explain of XSS vulnerability i found on geminabox Geminabox parses the uploaded gems and gives the users list of the gems on the system as the following image: After few times, I succeeded to create a GEM file to exploit XSS, the attack scenario goes as follows: