On August 11th, WordPress Version 5.5 “Eckstine” was rolled out for websites powered by the world’s most popular content management system. Over 10,000 websites have been updated, however; many of them are breaking after making the change. One of the major reasons for this bug is essentially deprecated support for the Javascript “jQuery Migrate” Library. … Read more
In this post, I will explain how a hacker can bypass file upload restrictions to upload arbitrary files using null byte injection. To fully understand the null byte vulnerability, we must take a look at how the C language handles strings. This is important because at some point, PHP relies on C/C++ functions to handle … Read more
Most developers these days are well aware of the importance of validating user input. Validating user input prevents a user from injecting malicious code on your web forms. Injecting code into a form on a website is known as Cross Site scripting (XSS) and is different from CSRF. It is unfortunate that a lot of … Read more
WordPress, everyone’s favorite CMS, has a new version: 4.2.3 available today. This should be considered as a security release for all previous versions, and of course, we strongly recommend you to update your wordpress website immediately. Here at Boston Web Group, we’ve seen tons of WordPress sites get hacked. It’s a sad thing to see, … Read more