{"id":147,"date":"2021-11-14T12:00:00","date_gmt":"2021-11-14T06:00:00","guid":{"rendered":"https:\/\/murat.one\/?p=147"},"modified":"2022-04-06T02:04:28","modified_gmt":"2022-04-05T20:04:28","slug":"my-speech-on-kolesa-conf21","status":"publish","type":"post","link":"https:\/\/murat.one\/?p=147","title":{"rendered":"My speech at Kolesa Conf&#8217;21"},"content":{"rendered":"\n<p class=\"justifier\">I spoke at the Kolesa Conf&#8217;21 conference several days ago on the topic &#8220;Hacking up-to-date WordPress&#8221;.<\/p>\n\n\n\n<p class=\"justifier\">The speech is about typical mistakes of young developers, when they mix up development and production environments. The presentation also shows that cross-site scripting (XSS) will almost always lead to client-side request forgery, and most of the time to remote code execution (RCE), even with the freshest WordPress.<\/p>\n\n\n\n<p>On YouTube:<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Kolesa Conf&#039;21 - \u041b\u043e\u043c\u0430\u0435\u043c \u0441\u0430\u043c\u044b\u0439 \u0441\u0432\u0435\u0436\u0438\u0439 WordPress - \u041c\u0443\u0440\u0430\u0442 @manfromkz\" width=\"750\" height=\"422\" src=\"https:\/\/www.youtube.com\/embed\/3-OA459Xxyk?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>My presentation in PDF:<\/p>\n\n\n\n<div class=\"wp-block-file\"><object class=\"wp-block-file__embed\" data=\"https:\/\/murat.one\/wp-content\/uploads\/2022\/04\/Hacking-Wordpress-@manfromkz.pdf\" type=\"application\/pdf\" style=\"width:100%;height:600px\" aria-label=\"Embed of Embed of Hacking-Wordpress-@manfromkz..\"><\/object><a id=\"wp-block-file--media-89762df1-ba1c-419d-899c-c341488fb12d\" 
href=\"https:\/\/murat.one\/wp-content\/uploads\/2022\/04\/Hacking-Wordpress-@manfromkz.pdf\">Hacking-Wordpress-@manfromkz<\/a><a href=\"https:\/\/murat.one\/wp-content\/uploads\/2022\/04\/Hacking-Wordpress-@manfromkz.pdf\" class=\"wp-block-file__button\" download aria-describedby=\"wp-block-file--media-89762df1-ba1c-419d-899c-c341488fb12d\">Download<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>I spoke at the Kolesa Conf&#8217;21 conference several days ago on the topic &#8220;Hacking up-to-date WordPress&#8221;. The presentation shows that cross-site scripting (XSS) will almost always lead to client-side request forgery, and most of the time to remote code execution (RCE), even with the freshest WordPress.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[14,1],"tags":[25,22,26,17,23,24],"_links":{"self":[{"href":"https:\/\/murat.one\/index.php?rest_route=\/wp\/v2\/posts\/147"}],"collection":[{"href":"https:\/\/murat.one\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/murat.one\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/murat.one\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/murat.one\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=147"}],"version-history":[{"count":3,"href":"https:\/\/murat.one\/index.php?rest_route=\/wp\/v2\/posts\/147\/revisions"}],"predecessor-version":[{"id":153,"href":"https:\/\/murat.one\/index.php?rest_route=\/wp\/v2\/posts\/147\/revisions\/153"}],"wp:attachment":[{"href":"https:\/\/murat.one\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=147"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/murat.one\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=147"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/murat.one\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=
147"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}