web application security 10
- SuiteCRM - Phar Deserialization to Code Execution May 10, 2021
- ADempiere Unsafe Deserialization to Code Execution Apr 15, 2021
- OpenCATS PHP Object Injection to Arbitrary File Write Jan 17, 2021
- PHP Object Injection Exploitation Notes Jan 9, 2021
- DomGoat Walkthrough Feb 9, 2020
- Common XSS payloads I use Aug 3, 2019
- Ghost Publishing Platform – SVG Image Upload to Stored Cross-site scripting Sep 21, 2018
- phppgadmin CSRF to Code Execution Jul 29, 2018
- The target="_blank" Vulnerability Apr 27, 2018
- ZAP Scripting Aug 25, 2015