Страницы

понедельник, 2 января 2017 г.

Using PHPMailer vulnerability to take the session

At the end of 2016 world was shocked by remote code execution exploit for PHPMailer.  It's a very common 3rd party library which use...
87 комментариев:
понедельник, 25 апреля 2016 г.

New PHP extensions should be hardcoded :)

PHP 6 and PHP 7 are here. Many applications still using blacklist filtration for upload and other file operations files. Note, that now y...
197 комментариев:
среда, 9 декабря 2015 г.

One more useful PHP class for unserialize() bugs

In a hurry to share PHP common class for deserialization vulnerabilities. It's FileCookieJar class of Guzzle project . Look at its d...
47 комментариев:
пятница, 6 ноября 2015 г.

Increases the power of PAM steal module.

A year ago we released our PAM steal module . It's easiest and safest way to steal passwords and local privilege escalation. Basical...
14 комментариев:
пятница, 5 сентября 2014 г.

WordPress 3.9.2- XXE through media upload (WAV ID3 tag)

Recently WordPress patched XXE vulnerability http://wordpress.org/news/2014/08/wordpress-3-9-2/ which were found during @ONsec_lab securit...
90 комментариев:
пятница, 18 июля 2014 г.

PAM_steal plugin released

Typically pentest’s attack can be presented by the following schema: perimeter -> command execution -> privileges escalation -> ...
19 комментариев:
понедельник, 23 июня 2014 г.

XXE OOB exploitation at Java 1.7+

Java since 1.7 patched gopher:// schema (thanks A.Polyakov for that https://media.blackhat.com/bh-us-12/Briefings/Polyakov/BH_US_12_Polyak...
427 комментариев: