-
Recent Posts
- Raspberry PI and Tor for slightly easier OPSEC
- Data exfiltration through the VMware hypervisor
- Encoding Web Shells in PNG IDAT chunks
- Taking screenshots using XSS and the HTML5 Canvas
- Exploit: Symfony2 – local file disclosure vulnerability
- Extending Burp Suite to solve reCAPTCHA
- Decrypting suhosin sessions and cookies.
- JavaScript and Daylight Savings for tracking users.
- Google TOTP Two-factor Authentication for PHP
- Exploit: PHPCaptcha / Securimage is not secure.
- Javascript keylogger in JQuery.
- Clickjacking and Phishing with help from the HTML5 JavaScript Sandbox
- PHP Remote File Inclusion command shell using data://
- Hardening and securing PHP on Linux
- Using php://filter for local file inclusion
Recent Comments
Archives
Categories
Category Archives: PHP
Encoding Web Shells in PNG IDAT chunks
If you carefully encode a web shell in an image you can bypass server-side filters and seemingly make shells materialize out of nowhere (and I’m not talking about encoding data in comments or metadata) – this post will show you how … Continue reading
Exploit: Symfony2 – local file disclosure vulnerability
I recently discovered a vulnerability affecting the Symfony2 Framework versions 2.0.0-2.0.10. In short, by by parsing user supplied XML in any way (e.g. SOAP API, RSS feed, unserializing an object) it is possible to disclose the contents of arbitrary files from the … Continue reading
Decrypting suhosin sessions and cookies.
The suhosin module provides transparent cookie and session encryption out of the box to PHP applications. Once enabled any session values stored on disk are encrypted with rijndael and a slight variation on base64 encoding, the same applies to any … Continue reading
Google TOTP Two-factor Authentication for PHP
At the beginning of the year Google released 2 Factor Authentication (2FA) for G-Mail providing an application for Android, IPhone and Blackberry called Google Authenticator to generate one time login tokens. This post will show how to implement Google 2FA … Continue reading
Exploit: PHPCaptcha / Securimage is not secure.
Recently I discovered an easy way to bypass PHPCaptcha also known as SecurImage. The method described below will break the CAPTCHA every time, without fail and affects versions 1.0.4 and above. Previous versions are also probably vulnerable tho only exploit … Continue reading
PHP Remote File Inclusion command shell using data://
PHP 5.2 and above provides stream wrappers. The general idea behind the stream wrapper is that you write one that interfaces with other protocols or services and you can still reference the data using your favourite functions. Here we open … Continue reading
Hardening and securing PHP on Linux
Hardening PHP on linux to increase security is a complex process involving a plethora of settings. A while back I developed a script in order to check for any security settings that were out of place. The idea is that … Continue reading
Using php://filter for local file inclusion
I came across a website where the site was vulnerable to LFI (local file inclusion) however the inclusion was done using a require_once and the script appended a .php extension to the end of the file; furthermore it was not … Continue reading