Browsing articles tagged with "Vulnerability"
Jul 25, 2012

Block WordPress User Enumeration, Secure WordPress Against Hacking

Alex over at Question-Defense posted an article in March about stopping WordPress User Enumeration. It turns out that in reality, he not only wanted a more formal patch for this vulnerability, but I also knew of another user enumeration vulnerability in WordPress. After hanging out for a bit at Blackhat, he and I decided to plop down and come up with a formal patch to address these vulnerabilities. If you want to read the full article on this post, check out: Block WordPress User Enumeration, Secure WordPress Against Hacking. Grab the patch after the fold:

Author: connection | Comments: 2
Jul 16, 2012

T-Mobile and Responsible Disclosure

Responsible disclosure is something I firmly believe in and I think it’s something all security researchers should practice. Recently I contacted T-Mobile about multiple vulnerabilities in their website and I’d like to talk about my experience with them to show that not only does responsible disclosure work, it is highly effective.

Author: connection | Comments: 1
Nov 21, 2011

Shazam.com XSS

A few weeks ago while checking out the Shazam.com website I decided, “Hey, I wonder if I can find any small vulnerabilities in Shazam.” I thought of this because I had not heard of their security posture recently despite the fact that they are such a large website. I soon found myself a nice little XSS vulnerability in their search functionality.

Author: connection | Comments: 0