This advisory discloses a CSRF vulnerability that exists in phppgadmin/phppgadmin. The details that were sent to the maintainer can be seen here: phppgadmin%20CSRF%20Vulnerability.pdf CSRF Introduc...
The target="_blank" Vulnerability
The HTML <a> element, also known as the anchor element, is used within webpages to create a hyperlink to another resource. The anchor tag can also be specified with several attributes, one of the...
RipsTech PHP Security Calendar 2017 Notes
Notes related to RipsTech PHP Security Calendar 2017 which aren’t accessible anymore. Challenge 1 - Wishlist class Challenge { const UPLOAD_DIRECTORY = './solutions/'; private $file; ...
Introduction to Socat
Socat is a network Swiss Army knife utility that is very similar to Netcat. However, Socat has many additional features that make it a better alternative to Netcat. Socat also has advanced featu...
6 things I didn't know Drozer could do
1: Intent Sniffing Intent sniffing is an attack vector used to capture exposed intents. In certain cases, applications will broadcast intents and will not define any permissions that in need to re...
ZAP Scripting
Zed Attack Proxy (ZAP) is an open-source web application security scanner/proxy that can be used to find vulnerabilities. This blog post is about Zed Attack Proxy’s Scripting capabilities and how i...