You are here

jorgectf.github.io
www.serveradminblog.com
11.9 parsecs away

pwning.systems
9.7 parsecs away

It is likely that we have all seen PHP filters that prevent us from encountering vulnerabilities. Here in this blog post, I'll walk you through my thought process for bypassing a filter by looking for a bug in the filter itself in order to reach a bug! Let's pretend we have the following code, which passes some user-input to filter_var() and uses the FILTER_VALIDATE_DOMAIN or FILTER_FLAG_HOSTNAME flag. This adds the functionality to validate hostnames on a per-host rationale (this means that they must begin with an alphanumeric character and must contain only alphanumerics or hyphens throughout their entire length).

www.evonide.com
12.1 parsecs away

Implementation of a fuzzer to find vulnerabilities in PHP's unserialize function. This helped us to earn a $20,000 bug bounty from Pornhub on Hackerone.

therestisjustcode.wordpress.com
27.8 parsecs away

This month's T-SQL Tuesday is hosted by Brent Ozar and he's asked everyone to find interesting bug or enhancement requests in Microsoft Connect related to SQL Server. The Connect item doesn't have to have anything to do with T-SQL - it could be about the engine, SSRS, R, the installer, whatever. Now, more than ever, Microsoft has...