logo
The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.21. This is due to missing authentication checking in the 'set_user_cart' function with the 'user_id' header value. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.

#WRITEUP

Pentest Everything

This book is my collection of notes and write-ups for various offensive security based topics and platforms. This book is generally updated most days and will continue to be for the foreseeable future. If at any point this book stops being developed, I will leave a warning on this page.

InfoSec Write-ups

Awesome write-ups from the world’s best hackers intopics ranging from bug bounties, CTFs, Hack the box walkthroughs, hardware challenges, and real-life encounters.