Breaking PHP internals
A vulnerable application allows an attacker to load arbitraty PHP classes by sending out specially crafted requested.
Exploiting PHP autoloader we can turn it into a Local File Inclusion.
A vulnerable application allows an attacker to load arbitraty PHP classes by sending out specially crafted requested.
Exploiting PHP autoloader we can turn it into a Local File Inclusion.
In this post we will see how you can bypass upload filters in Joomla and deliver a payload to steal victim session token.
With a little of effort, it's possible to trick a Super User to visit a malicious page and force him to create a new Super User for us.
On one of my domains, the host is offering CLI access as part of their hosting plan. What could be possible go wrong with giving SSH access to the customers? Apparently a lot of things.
While performing some online assesment, a critical information disclosure has been found on Wappalyzer.com. The vulnerability has been fixed, this is the full disclosure about the issue.