Recently true-caller and Tango messenger is hacked by Syrian-Electronic-Army.And large amount of Database has been stolen. Now what is common in these sites?They have word-press 3.5.1 which is vulnerable to some attack.A weakness and multiple vulnerabilities have been reported in WordPress, which can be exploited by malicious...

Backtrack has lots of tools for web-application testing. Directory traversal is one of the critical vulnerability in web-application. Previously i post about what is directory traversal & how to bypass its filter , but that process is manual, it can consume lots of time.But in bactrack automatic tools are available...

Wpscan is wordpress security scanner, which is pre-installed in backtrack 5 , but it`s outdated version, so when you tried to update it, you may  have face some problems. Here is solution which work for me.cd /pentest/webrm -rf wpscangit clone https://github.com/wpscanteam/wpscan.gitcd wpscangem install bundler &&...

Bypassing Filter to Traversal AttacksIf your initial attempts to perform a traversal attack, as described previously, are unsuccessful, this does not mean that the application is not vulnerable. Many application developers are aware of path traversal vulnerabilities and implement various kinds of input validation checks...

Path traversal vulnerabilities arise when user-controllable data is used by the application to access files and directories on the application server or other back-end file system in an unsafe way. By submitting crafted input, an attacker Exploiting Path Traversal may be able to cause arbitrary content to be read from,...