November 27, 2016

PHP Object Injection & Serialization Vulnerabilities

PHP object injection vulnerabilities can be fairly hard to exploit in a black-box penetration testing scenario. In this tutorial, I'm gonna show you guys how serialization vulnerabilities actually work in PHP.


July 3, 2016

[WordPress] Real 3D Flipbook Plugin Exploit

WordPress Real 3D Flipbook plugin vulnerabilities: delete any file or directory from the server (unauthenticated), upload images to the root directory (unauthenticated), and an XSS vuln.


September 29, 2015

[PHP][C++] Root Exploiter (Part 2) – No Back-Connect

This post has the same goals as the previous one, i.e. to get root access on the target machine with just a PHP interface and no back-connect or reverse connection. So, if you haven't already, read part 1 of this post here: [PHP][Python] Root Exploiter – No Back-Connect.


September 23, 2015

[PHP][Python] Root Exploiter – No Back-Connect

Have you ever had any of the following issues? Shell access to a vulnerable (Rootable) server with a known root exploit but no reverse or back connection. Shell access to a server and you know the root login credentials but no SSH or any other means