Author Archives: Brute Logic

XSS to RCE in CMS

May 23rd, 2017

Performing XSS emulation in console with jQuery.getScript() to achieve RCE in 3 different up-to-date CMSes: WordPress 4.7.5, Joomla! 3.7.2 and


The Genesis of an XSS Worm

July 6th, 2016

Watch an XSS worm infecting users of a social network coded from scratch. For more info check: http://brutelogic.com.br/blog/genesis-xss-worm-part-i http://brutelogic.com.br/blog/genesis-xss-worm-part-ii http://brutelogic.com.br/blog/genesis-xss-worm-part-iii


Leveraging a Self-XSS

April 2nd, 2016

In this video we can see how to use CSRF (Cross Site Request Forgery) to leverage a self XSS (Cross


Cerberus XSS Payload

February 6th, 2015

Cerberus*, a triple XSS payload against the sites “law.com”, “worldcat.org” and “bnf.fr”. The last one (“bnf.fr”) required a little change,