-
Recent Posts
- Extending Burp Suite to solve reCAPTCHA
- Decrypting suhosin sessions and cookies.
- Clickjacking and XSS for reading autocomplete credentials.
- JavaScript and Daylight Savings for tracking users.
- Google TOTP Two-factor Authentication for PHP
- Exploit: PHPCaptcha / Securimage is not secure.
- Javascript keylogger in JQuery.
- Clickjacking and Phishing with help from the HTML5 JavaScript Sandbox
Recent Comments
Archives
Categories
Tag Archives: Security
Decrypting suhosin sessions and cookies.
The suhosin module provides transparent cookie and session encryption out of the box to PHP applications. Once enabled any session values stored on disk are encrypted with rijndael and a slight variation on base64 encoding, the same applies to any … Continue reading
Google TOTP Two-factor Authentication for PHP
At the beginning of the year Google released 2 Factor Authentication (2FA) for G-Mail providing an application for Android, IPhone and Blackberry called Google Authenticator to generate one time login tokens. This post will show how to implement Google 2FA … Continue reading
Exploit: PHPCaptcha / Securimage is not secure.
Recently I discovered an easy way to bypass PHPCaptcha also known as SecurImage. The method described below will break the CAPTCHA every time, without fail and affects versions 1.0.4 and above. Previous versions are also probably vulnerable tho only exploit … Continue reading
Javascript keylogger in JQuery.
I needed to capture someone’s login credentials using cross site scripting. However I had 3 problems. Firstly there was no XSS on the login page, secondly the only XSS was reflected, meaning it only affected the current page and thirdly … Continue reading
PHP Remote File Inclusion command shell using data://
PHP 5.2 and above provides stream wrappers. The general idea behind the stream wrapper is that you write one that interfaces with other protocols or services and you can still reference the data using your favourite functions. Here we open … Continue reading
Hardening and securing PHP on Linux
Hardening PHP on linux to increase security is a complex process involving a plethora of settings. A while back I developed a script in order to check for any security settings that were out of place. The idea is that … Continue reading
Scanning the internal network using SimpleXML
XML is widely used throughout PHP applications in the representation arbitrary data structures such as with SOAP and REST web services. It supports the use of external entities allowing you to bring in information from external sources. This is useful … Continue reading
MongoDB Null Byte Injection attacks
Following my earlier post on how MongoDB can be vulnerable to SQL injection I discovered that MongoDB is also vulnerable to Null Byte Injection. The attack could potentially let users overwrite fields in the database to which the application logic … Continue reading
Mongodb is vulnerable to SQL injection in PHP at least
Its a common misconception that as MongoDB does not use SQL it is not vulnerable to SQL injection attacks. PHP uses objects rather than SQL to pass queries to the MongoDB server; for example the following script selects an item … Continue reading