From 0 to pentesting hero
XXE - XML External Entity
Today we are going to search for some vulnerabilitis in the code responsible for XML parsing.
22-01-2019
2 MIN READ
From 0 to pentesting hero
Ruby
Today we are going to talk about Ruby language. We'll take a look at a simple implementation of the proxy server.
16-01-2019
2 MIN READ
From 0 to pentesting hero
Why you shouldn’t use input function in Python 2?
Today's example consists of 2 lines of python code, because usually it's enough to introduce a vulnerability to our application.
09-01-2019
2 MIN READ
Vulnerabilities
Kallithea <= 0.3.4 Incorrect access control and XSS
This vulnerability allows a normal user to modify the permissions of repositories that he normally shouldn’t have access to.
12-12-2018
2 MIN READ
Vulnerabilities
Gitea 1.4.0 Unauthenticated Remote Code Execution
This is part 1 of 3 about bugs inside Gitea
05-07-2018
5 MIN READ
Vulnerabilities
ManageEngine Exchange Reporter Plus Unauthenticated Remote Code Execution
How to create a Metasploit module in example?
28-06-2018
1 MIN READ
Vulnerabilities
GitBucket 4.23.1 Unauthenticated Remote Code Execution
GitBucket Unauthenticated Remote Code Execution working when server is installed on Windows and authenticated arbitrary file read working on every platform
21-05-2018
4 MIN READ
Vulnerabilities
Exploit/bypass PHP escapeshellarg/escapeshellcmd functions
I create this simple cheat sheet because of GitList 0.6 Unauthenticated RCE so you can easily understand how it works.
25-04-2018
5 MIN READ
From 0 to pentesting hero
Unzip
This time, unusually - we are not going to look at a specific programming language but a Linux function - unzip - that is for extracting files.
29-01-2019
2 MIN READ