This is a write-up of an analysis of an admin panel, used by a notable company to manage in-store displays, that uncovered several security vulnerabilities. These ranged from authentication bypasses, which could allow any individual to create an account, to SQL injections where user input was passed directly into PostgreSQL queries.
This blog post explores a CRLF injection vulnerability in the Location header of an HTTP response and how it could be chained with other attacks.
xdebug is a PHP extension for debugging code. It allows setting breakpoints, viewing and modifying the contents of variables/objects, and executing code. Usually xdebug is installed locally for debugging purposes.