Tag Archives: Design Flaw

Decrypting suhosin sessions and cookies.

The suhosin module provides transparent cookie and session encryption out of the box to PHP applications. Once enabled, any session values stored on disk are encrypted with Rijndael and a slight variation on base64 encoding; the same applies to any …

Posted in PHP | 2 Comments

Clickjacking and XSS for reading autocomplete credentials.

By combining Cross Site Scripting (XSS) with Clickjacking and JavaScript, it is possible to extract passwords and data stored within the browser's Autocomplete cache. Autocomplete is a feature supported by all browsers to cache input field values – it can …

Posted in JavaScript

Exploit: PHPCaptcha / Securimage is not secure.

Recently I discovered an easy way to bypass PHPCaptcha, also known as SecurImage. The method described below will break the CAPTCHA every time, without fail, and affects versions 1.0.4 and above. Previous versions are also probably vulnerable though only exploit …

Posted in Exploits, PHP | 11 Comments