Introduction Deserializing user-controlled object streams at runtime can allow attackers to execute arbitrary code on the server, abuse application logic, and/or lead to denial of service Java se...
OpenCATS PHP Object Injection to Arbitrary File Write
Introduction OpenCATS is an application tracking system that is written in PHP. More about OpenCATS can be seen here: https://www.opencats.org/. OpenCATS is vulnerable to PHP Object injection, by ...
PHP Object Injection Exploitation Notes
Notes I’ve written and Collected about PHP Deserialization Introduction serialize and unserialize Serialization functions are commonly used within software to store data to a file, a memory buff...
Code Security Advent Calendar 2020 Answers
SonarSource is a company focused on code quality and static analysis. This year, SonarSource, along with RIPS Technologies will be tweeting code challenges from real world vulnerabilities on their ...
Writing AngularJS Security Semantic Rules using Semgrep
AngularJS Security is something I have looked into in the past. In 2016, I conducted a workshop on AngularJS Security in MWR’s MWRICON which highlighted some common security issues and how they cou...
Demystifying HTTP request smuggling
This is a cross post of the blog post written here:https://snyk.io/blog/demystifying-http-request-smuggling/. Often at my role as a Security Analyst within Snyk, I study trends within the dependenc...
Webhacking.kr Solutions
This blog post contains a walk-through of https://webhacking.kr/ wargames which was recommended to me by a friend. Level 1 The following can be seen in level 1. The source code of the backend ...
Patching Zip Traversal within pclzip
Recently I went hunting for Zip traversal vulnerabilities within the PHP ecosystem. While looking at well known PHP ZIP dependencies, I noticed that, both pclzip and zipper were vulnerable to trave...
DomGoat Walkthrough
DOM-based Cross site Scripting (XSS) is a type of XSS where user input is written to a web pages’ Document Object Model without proper sanitization. This could be abused by an attacker to manipulat...
Exploit Education - Nebula Walkthrough
This blog post contains a walkthrough of Nebula provided by Exploit Education. Nebula is a vulnerable ISO which has a variety of Linux privilege escalation vulnerabilities. Some of these vulnerabil...