Vulnerabilities
WP Support Plus Responsive Ticket System 7.1.3 Privilege Escalation
You can login as anyone without knowing password because of incorrect usage of wp_set_auth_cookie().
10-01-2017
1 MIN READ
Ctf
SharifCTF 7 Web Writeup
Bypassing XSS auditor.
18-12-2016
5 MIN READ
Vulnerabilities
AbanteCart 1.2.7 Stored XSS and SQL Injection
We can pass __e value which is base64 encoded and unfortunatelly those datas are not cleaned.
06-12-2016
2 MIN READ
Vulnerabilities
WinPower V4.9.0.4 Privilege Escalation
We can set command which will be executed when monitor get remote shutdown command.
29-11-2016
1 MIN READ
Ctf
QiwiCTF 2016 Web Writeup
There is SQL Injection in Cookie.
18-11-2016
2 MIN READ
Vulnerabilities
e107 CMS 2.1.1 Privilege Escalation
Datas from $_POST['updated_data'] inside usersettings.php are not properly validated so we can set user_admin value in database using this input.
09-11-2016
1 MIN READ
Vulnerabilities
MantisBT 1.2.19 Reflected XSS
strip_tags() function doesn't strip incomplete HTML tags.
26-10-2016
1 MIN READ
Vulnerabilities
Dolphin 7.3.0 Error Based SQL Injection
$_REQUEST['key'] is not escaped.
20-09-2016
1 MIN READ
From 0 to pentesting hero
Unzip
This time, unusually - we are not going to look at a specific programming language but a Linux function - unzip - that is for extracting files.
29-01-2019
2 MIN READ