• Write-Up: Hacking an Admin Panel for Managing In-Store Displays

    This write-up covers an analysis of an admin panel, used by a notable company to manage in-store displays, that uncovered several security vulnerabilities. These ranged from authentication bypasses, which could allow any individual to create an account, to SQL injections where user input was passed directly into PostgreSQL queries.

  • Abusing Hop-by-Hop Header to Chain A CRLF Injection Vulnerability

    This blog post explores a CRLF injection vulnerability in the Location header of an HTTP response and how it could be chained with other attacks.

  • xpwn - exploiting xdebug enabled servers

    xdebug is a PHP extension for debugging code; it allows setting breakpoints, viewing and modifying the contents of variables/objects, and executing code. Usually xdebug is installed locally for debugging purposes.