Tag: cyberstorm.mu

Operation WTF Hackathon by cyberstorm.mu – Day 2

After setting up our network environment for Operation WTF, the cyberstorm.mu team started working on several vulnerabilities in the WordPress content management system. Work started on Saturday the 14th of May, when several proofs of concept (POC) were established. I was shocked to see how easy it is to exploit a WordPress website. For security purposes, we have to blank out parts of URLs before posting on social networks. No wonder Loganaden Velvindron of cyberstorm.mu did not hesitate to give his opinion on Medium.com: “Many bloggers use it, because it is both easy to set up, and there is a rich ecosystem of WordPress plugins. WordPress has often been criticized due to its security record. What is more worrying is the varying quality of the WordPress plugins.”

POC – Vulnerability found !

Operation WTF (WordPress Tiny Flaws) ended on Sunday the 15th of May 2016, after lines of code were fixed in many WordPress plugins. We can also see how dangerous it is if a proper audit is not carried out on WordPress before putting a website into production. Here is another example where /etc/passwd was retrieved by hackers Mauritius.


Patches were also written to fix the bugs. However, for security reasons the patches are not being disclosed for the time being: at cyberstorm.mu we follow ethical rules, and staying within the grey line is of paramount importance.

Operation WTF Hackathon by cyberstorm.mu – Day 1

If you have been following the recent activities of cyberstorm.mu these days, you will surely have noticed a new hackathon organized by the same team: Operation WTF, with the aim of hacking around WordPress security vulnerabilities. The event happened at Pereybere.

Though we did not have any network connection, the guys started by setting up the network cables. We used the Emtel WIFI Plus. The team set up the antenna on top of the building, as we did have a DNS issue. We then used a router with OpenWRT to boost our connection and a Wi-Fi extender to boost the signal.

At the time I am writing this article, the hackathon is still going on. Keep in touch to follow our activities.