Wyldgoat's blog

Cybersecurity blog and tech posts.

Posts

  • How I found my first CVE with Cross-Site Scripting (XSS)

    As the new year started, I set myself the goal of exploring web security and bug bounty programs. I always thought that getting a CVE was something only experienced security researchers, hardened with tons of experience, would be able to do by finding bugs with a broad impact. However, as it turns out, there are tons of low-hanging fruit that are vulnerable to common bugs and can still impact the security of companies and individuals around the globe.

    The vulnerable world of WordPress plugins

    WordPress is a useful service that is used around the world to host blogs and e-commerce sites, among other things. WordPress instances can be extended with plugins that add new functionality.

    Finding a low hanging fruit

    If this is your first time looking for bugs in a program, the first place you must go to is the WordPress plugin store. Here you will find a lot of projects, some monetized, some free, that may be vulnerable. It is unlikely that you will find any 0-day that will turn the internet upside down, but you can find bugs that will give you the confidence to pursue your bug bounty journey. I suggest you spin up a Docker instance of WordPress on your own computer so you can quickly experiment in your own home lab.

    Setting up WordPress Docker on your own machine

    First, install Docker with your package manager; here I am using Debian 11:


    apt install docker.io
    

    To set up Docker, create this YAML file:

    nano docker-compose.yaml
    

    and insert this content:
