How to hack WordPress?
- Published 30 Jul 2024
- 🖥️ Check out the Wordfence Bug Bounty Program: bbre.dev/wf
📧 Subscribe to BBRE Premium: bbre.dev/premium
✉️ Sign up for the mailing list: bbre.dev/nl
📣 Follow me on Twitter: bbre.dev/tw
In this video, I'm showing you how to start hacking WordPress, how to analyse the source code of a WordPress plugin and what bugs to pay attention to to maximise your bounty.
Wordfence Discord: / discord
docker-compose.yaml: gist.github.com/Rhynorater/9c...
Plugins in scope: ctbb.show/downloads/pluginData
The credit for creating these goes to @criticalthinkingpodcast
Advanced Search in VS Code: members.bugbountyexplained.co...
🖥 Get $100 in credits for Digital Ocean: bbre.dev/do
Timestamps:
00:00 Intro
00:49 How to setup a local WordPress instance for testing?
01:45 How to start analysing a WordPress plugin?
09:24 Wordfence Bug Bounty Program
11:30 How can a WordPress plugin create a new endpoint in another way?
14:10 Walkthrough of a real vulnerability - Science and technology
Thank you for watching the video and welcome to the comment section. You can check out the Wordfence Bug Bounty program here: bbre.dev/wf
It would have been nice to see a quick overview of how to submit the bug report to Wordfence. I'm sure the link explains it fine, but it woulda been nice to see. Good video though.
@reed6514 I think if you can find a valid bug in a plugin, you'll also deal with a simple form 😉
@BugBountyReportsExplained lol very true
Can we get more videos showing real bugs that have already been patched? Knowing there will be a bug in the code we are looking over will make the video more engaging.
Love some PHP code review, so I'll for sure try this!
Yoo amazing 🎉
Very helpful video, thanks man :)
Love this
Amazing
Thanks for the video =)
Hello and thank you.
What's the best online platform/group/channels for me to learn more about this topic??
Wordfence Discord is probably the best community for this. The link is in the description ;)
Really good content :)
I am convinced you are the pentesterlab dude
I am not though
@BugBountyReportsExplained Oh Wow I DID NOT EXPECT YOU WILL REPLY, I love your content, thank you so much for your effort.
You can tell he's one of ours)
What do you mean, one of ours? He's from Germany or the Netherlands. I don't remember exactly, but he's definitely not from the CIS.
First comment buddy
Any bbrf discount available
Sorry, I only do discounts like once a year
Is there a need to enable anything from settings of VS Code? There's no match found for '
You need to enable the regex search, which is in the search input field
Hey, yeah, I had figured that out, thanks for the reply and such an amazing video
@BugBountyReportsExplained
Any resource recommendations on sharpening our source code analysis skills?