April 18, 2017

The Color Of My Hat

Somebody has to wear the black hat and give the audience someone to shake their fists at. They want someone to hate. And if that's what you want to pay me to do, I'm happy to do it! – Jane Elliot. If you're not familiar with the concept of Hats in hacking, you're probably at the wrong place.


November 27, 2016

PHP Object Injection & Serialization Vulnerabilities

PHP object injection vulnerabilities can be fairly hard to exploit in a black-box penetration testing scenario. In this tutorial, I'm gonna show you guys how serialization vulnerabilities actually work in PHP.


July 3, 2016

[WordPress] Real 3D Flipbook Plugin Exploit

WordPress Real 3D Flipbook plugin vulnerabilities: delete any file or directory from the server (unauthenticated), upload images to the root directory (unauthenticated), and an XSS vulnerability.


May 7, 2016

ImageTragick Exploitation – CVE-2016-3714

ImageTragick is very simple to exploit. An end user can exploit this issue by simply uploading an image. It doesn't matter how secure your image uploader is


February 6, 2016

Blinded by the Light

A few days ago, a friend asked me to solve two SQL injection challenges on WeChall. At first, I thought this would be some regular SQL injection, but I was wrong. Actually, these were quite good, with some tricky rules making for a great scenario. So, I've decided to do a write-up and blow some dust off my blog.


November 9, 2015

[Exploit] vBulletin 5.1.x – PreAuth Remote Code Execution

The vBulletin team has patched a critical object injection vulnerability in version 5.1.x, which can lead to remote code execution. CVE-2015-7808 has been assigned to this vulnerability. The PoC for this exploit was released by some guy on Twitter after defacing the official vBulletin portal using the same exploit.


October 25, 2015

[Mass Exploit] Joomla 3.2 to 3.4 SQL Injection

You guys know how I love to automate stuff. So earlier today I decided to automate the SQL injection vulnerability in the open-source CMS Joomla (3.2 to 3.4.4) found by Trustwave Labs. CVE-2015-7297, CVE-2015-7857, and CVE-2015-7858 cover this SQL injection vulnerability.


October 15, 2015

[Without Quotes] String Based SQL Injection

Today, I'm going to discuss a special case of string-based SQL injection where you can perform the injection without the use of quotes. You heard it right: absolutely no quotes at all in string-based injections. This may come in handy if quotes are blocked.


September 29, 2015

[PHP][C++] Root Exploiter (Part 2) – No Back-Connect

This post has the same goal as the previous one, i.e., to get root access on the target machine with just a PHP interface and no back-connect or reverse connection. So, if you haven't already, read part 1 of this post here: [PHP][Python] Root Exploiter – No Back-Connect.


September 23, 2015

[PHP][Python] Root Exploiter – No Back-Connect

Have you ever had any of the following issues? Shell access to a vulnerable (Rootable) server with a known root exploit but no reverse or back connection. Shell access to a server and you know the root login credentials but no SSH or any other means