-
Write-Up: Hacking an Admin Panel for Managing In-Store Displays
This is a write-up of an analysis of an admin panel, used by a notable company to manage in-store displays, that uncovered several security vulnerabilities. These ranged from authentication bypasses, which could allow any individual to create an account, to SQL injections where user input was passed directly into PostgreSQL queries.
-
Abusing Hop-by-Hop Header to Chain A CRLF Injection Vulnerability
This blog post explores a CRLF injection vulnerability in the Location header of an HTTP response and how it could be chained with other attacks.
-
xpwn - exploiting xdebug enabled servers
xdebug is a PHP extension for debugging code; it allows setting breakpoints, viewing and modifying the contents of variables/objects, and executing code. Usually xdebug is installed locally for debugging purposes.