PHP
November 27, 2016
PHP Object Injection & Serialization Vulnerabilities
PHP Object injection vulnerabilities can be fairly hard to exploit in a black box penetration testing scenario. In this tutorial, I'm gonna show you guys how serialization vulnerabilities actually work in PHP.
ReadJuly 3, 2016
[WordPress] Real 3D Flipbook Plugin Exploit
Wordpress 3d flipbook vulnerabilities. Delete any file or directory from the server (Unauthenticated). Upload images in Root directory (Unauthenticated). XSS vuln.
ReadSeptember 29, 2015
[PHP][C++] Root Exploiter (Part 2) – No Back-Connect
This post has the same goals as of the previous one i.e. to get root access on the target machine with just a PHP interface and no back-connect or reverse connection. So, if you haven't already, read the part 1 of this post here [PHP][Python] Root Exploiter – No Back-Connect.
ReadSeptember 23, 2015
[PHP][Python] Root Exploiter – No Back-Connect
Have you ever had any of the following issues? Shell access to a vulnerable (Rootable) server with a known root exploit but no reverse or back connection. Shell access to a server and you know the root login credentials but no SSH or any other means
Read