Category Archives: Hacking Web

Hacking Web applications.

CVE-2020-10963 – Unrestricted File Upload in FrozenNode/Laravel-Administrator

Hi all! This time we want to show you how we achieved unrestricted file upload in the Laravel-Administrator package of FrozenNode. This open source software is an administrative interface builder for Laravel: https://github.com/FrozenNode/Laravel-Administrator. As Laravel-Administrator allows you to create your own modules, …

CVE-2020-8088 – UseBB Forum 1.0.12 – PHP Type Juggling vulnerability

Hello! Last week I was reading about PHP Type Juggling vulnerabilities and I decided to spend a couple of days learning about them. These vulnerabilities can happen during comparison of PHP variables, because PHP will automatically convert the data into …

Siemens Polarion – CVE-2019-13934, CVE-2019-13935, CVE-2019-13936

Hello, I write this blog post for people who are just starting in web application hacking. I recommend that you just download some product or web application and start testing it. You are going to realize that sometimes is …

SQL Injection 4

Time to move on to time-based SQLi. Time-based SQLi: the process is almost the same as boolean-based. The thing that changes is the way to identify a true condition. Let’s visit level 9 of sqlilabs. The way to …

SQL Injection 3

In this article I’m going to explain step by step how you can extract information from a database using a blind boolean-based SQLi vulnerability. Blind boolean-based SQLi: first of all we need to understand what a boolean …

SQL Injection 2

Let’s continue understanding SQL injections. This time we are going to focus on understanding how to exploit more complicated SQL injections manually. Error/Double Query: to understand error-based SQLi, we need to start doing lessons 5 and 6 of the …

SQL Injection 1

Introduction: the purpose of this post is not to teach you how to exploit a SQL Injection vulnerability; if you are just looking for that, just google sqlmap. In this article I will try to explain to you how SQL …