- Raspberry PI and Tor for slightly easier OPSEC
- Data exfiltration through the VMware hypervisor
- Encoding Web Shells in PNG IDAT chunks
- Taking screenshots using XSS and the HTML5 Canvas
- Exploit: Symfony2 – local file disclosure vulnerability
- Extending Burp Suite to solve reCAPTCHA
- Decrypting suhosin sessions and cookies.
- Google TOTP Two-factor Authentication for PHP
- Exploit: PHPCaptcha / Securimage is not secure.
- PHP Remote File Inclusion command shell using data://
- Hardening and securing PHP on Linux
- Using php://filter for local file inclusion
Tag Archives: Design Flaw
The suhosin module provides transparent cookie and session encryption out of the box to PHP applications. Once enabled any session values stored on disk are encrypted with rijndael and a slight variation on base64 encoding, the same applies to any … Continue reading
Recently I discovered an easy way to bypass PHPCaptcha also known as SecurImage. The method described below will break the CAPTCHA every time, without fail and affects versions 1.0.4 and above. Previous versions are also probably vulnerable tho only exploit … Continue reading