Finding Zero-Day XSS Vulns via Doc Metadata (+ WordPress 0day)

I’ve just released a blog post over at SANS pen-testing blog. Check out my latest article there: http://pen-testing.sans.org/blog/pen-testing/2014/12/04/cross-site-scripting-through-file-metedata

It contains details on using metadata as an attack vector, and using these techniques to metadata bomb documents to find zero-days.

I hope you enjoy it.


Posted

in

by

Looking to get in touch?