Category Archives: Hacking Web
CVE-2020-10963 – Unrestricted File Upload in FrozenNode/Laravel-Administrator
Hi all, This time, we want to show you how we achieved unrestricted file upload in the Laravel-Administrator package of FrozenNode. This open source software is an administrative interface builder for Laravel. https://github.com/FrozenNode/Laravel-Administrator As Laravel-Administrator allows you to create your own modules, … Continue reading
Posted in Hacking Web
Tagged CVE, file upload, frozennode, Hacking web, laravel, panel, php, vulnerability discovery
CVE-2020-8088 – UseBB Forum 1.0.12 – PHP Type Juggling vulnerability
Hello! Last week I was reading about PHP Type Juggling vulnerabilities and I decided to spend a couple of days learning about them. These vulnerabilities can happen during comparison of PHP variables, because PHP will automatically convert the data into … Continue reading
Posted in Hacking Web
Tagged CVE, forum, Hacking web, php, type juggling, usebb, vulnerability discovery
Siemens Polarion – CVE-2019-13934, CVE-2019-13935, CVE-2019-13936
Hello, I am writing this blog post for people who are just starting in web application hacking. I recommend that you just download some product or web application and start testing it. You are going to realize that sometimes is … Continue reading
Posted in Hacking Web
Tagged CVE, Hacking web, persistent XSS, vulnerability discovery, XSS
SQL Injection 4
Time to move on to time-based SQLi. Time based SQLi The process is almost the same as boolean-based. The thing that changes is the way to identify a true condition. Let’s visit level 9 of sqlilabs. The way to … Continue reading
Posted in Hacking Web
Tagged hacking, owasp, security, SQLi, web application hacking
SQL Injection 3
In this article I’m going to explain step by step how you can extract information from a database using a blind boolean-based SQLi vulnerability. Blind boolean based SQLi First of all we need to understand what a boolean … Continue reading
Posted in Hacking Web
Tagged hacking, owasp, security, SQLi, web application hacking
SQL Injection 2
Let’s continue understanding SQL injections. This time we are going to focus on understanding how to exploit more complicated SQL injections manually. Error/Double Query To understand Error-based SQLi, we need to start doing lessons 5 and 6 of the … Continue reading
Posted in Hacking Web
Tagged hacking, owasp, security, SQLi, web application hacking
SQL Injection 1
Introduction The purpose of this post is not to teach you how to exploit a SQL Injection vulnerability; if you are just looking for that, just google sqlmap. In this article I will try to explain to you how SQL … Continue reading
Posted in Hacking Web
Tagged hacking, owasp, security, SQLi, web application hacking