Explore >> Select a destination


You are here

jorgectf.github.io
| | foxglovesecurity.com
10.1 parsecs away

| | By @jstnkndy While looking for bugs in a target recently I came across a host that was running Expression Engine, a content management platform. This specific application caught my eye because upon attempting to log in to the application with the username 'admin', the server responded with a cookie that contained PHP serialized data....
| | pwning.systems
9.7 parsecs away

| | It is likely that we have all seen PHP filters that prevent us from encountering vulnerabilities. Here in this blog post, I'll walk you through my thought process for bypassing a filter by looking for a bug in the filter itself in order to reach a bug! Let's pretend we have the following code, which passes some user-input to filter_var() and uses the FILTER_VALIDATE_DOMAIN or FILTER_FLAG_HOSTNAME flag. This adds the functionality to validate hostnames on a per-host rationale (this means that they must begin with an alphanumeric character and must contain only alphanumerics or hyphens throughout their entire length).
| | www.evonide.com
12.1 parsecs away

| | Implementation of a fuzzer to find vulnerabilities in PHP's unserialize function. This helped us to earn a $20,000 bug bounty from Pornhub on Hackerone.
| | www.promptingguide.ai
33.2 parsecs away

| A Comprehensive Overview of Prompt Engineering