Exploiting Admin Functionality in WordPress Using ClickJacking

hello all

It’s been a while since our last post. As you may know, Abysssec mostly writes about application security, but we work on web apps too. In this post we are going to talk about a funny case of WordPress exploitation using ClickJacking. As you may know, the WordPress admin panel sets X-Frame-Options, which prevents clickjacking, but no X-Frame-Options header is set on the main page of the blog, so it is possible to trick the admin into posting a comment using ClickJacking. As you may know, the admin can post comments containing HTML; by default this is obviously not dangerous on its own, but since the blog main page has no X-Frame-Options it is possible to turn this into XSS, and finally you can combine ClickJacking, XSS and HTTPOnly disclosure to make a working exploit.
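As an added defender-side example (not from the original post and not WordPress code), here is a small Python checker that applies browser framing rules to a response's headers and reports which paths of a site can still be framed; the sample responses are constructed to mirror the situation above, an admin path that sends X-Frame-Options and a front page that does not.

```python
"""Audit anti-framing headers on HTTP responses.

A CSP frame-ancestors directive takes precedence over X-Frame-Options;
otherwise DENY / SAMEORIGIN block framing; an absent or unrecognised header
leaves the page frameable (ALLOW-FROM is not honoured by current browsers).
"""


def framing_policy(headers):
    """Return 'blocked', 'same-origin', 'allow-list' or 'frameable'."""
    # Header names are case-insensitive; fold them once.
    h = {k.lower(): v for k, v in headers.items()}
    csp = h.get("content-security-policy", "")
    for directive in csp.split(";"):
        name, _, value = directive.strip().partition(" ")
        if name.lower() == "frame-ancestors":   # browsers use the first one
            sources = value.split()
            if sources == ["'none'"]:
                return "blocked"
            if sources == ["'self'"]:
                return "same-origin"
            return "allow-list"
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    return "frameable"   # header missing or unrecognised


def frameable_paths(responses):
    """Paths whose response carries no effective anti-framing policy."""
    return [path for path, hdrs in responses.items()
            if framing_policy(hdrs) == "frameable"]


# Constructed sample responses (not captured from a real site) modelled on
# the post: admin/login pages send X-Frame-Options, the front page does not.
SAMPLE = {
    "/wp-admin/": {"X-Frame-Options": "SAMEORIGIN", "Content-Type": "text/html"},
    "/wp-login.php": {"x-frame-options": "sameorigin"},
    "/": {"Content-Type": "text/html; charset=UTF-8"},
    "/?p=1": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
}

if __name__ == "__main__":
    for path in frameable_paths(SAMPLE):
        print(f"{path}: can be framed by a third-party page")
```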

Here is a video of the PoC. Sorry about the hosting; we are having some issues and will upload it on abysssec soon:


WordPress is aware that the superadmin user can post unfiltered HTML, but as you can see it is still possible to exploit the issue.

We reported this so-called issue to WordPress ~2 months ago.

The answer we got is:

Thank you for the report. We're looking into this and will get back to you soon.
Sorry for the delayed reply. We've been discussing how best to do this without inconveniencing users.  At the moment we're considering adding the unfiltered_html nonce via JS when the page is not framed. I'll hopefully have a patch to share soon.

Thanks all

Happy blogging!

DEP/ASLR bypass using 3rd party + Clarification

Hello again to all of our great readers.

In this post we are going to do some clarification, and also share and drop some random 0day DEP/ASLR bypasses using 3rd parties.

Since there is a lot to say, we wrote all the notes up as an article called “The Arashi”.


Table of contents:


Introduction and warning

The Story of Sayonara

First Method: ASLR Bitter

Second Method: Process Explorer

Narly Windbg Extension

Mona / PVEFindAddr

Ropping this fun DLL

First 0day tatsumaki

Second (half) 0day Ikazuchi

Third 0day Sugokunai

Final Note


And finally, here you can download it from: here

Note that the offer in the paper will expire in 10 days, so if you are verified and need one of the modules, let us know.

As always, feel free to contact us: info [at] abysssec.com

And also follow @abysssec on Twitter.

