💻 | Blog

RipsTech PHP Security Calendar 2017 Notes

Notes related to RipsTech PHP Security Calendar 2017 which aren’t accessible anymore. Challenge 1 - Wishlist class Challenge { const UPLOAD_DIRECTORY = './solutions/'; private $file; ...

Introduction to Socat

Socat is a network Swiss Army knife utility and it is very similar to Netcat. However, Socat has many additional features that make it a better alternative to Netcat. Socat also has advanced featu...

Finding SQL Injection vulnerabilities using polyglot payloads

Introduction Looking for SQL Injection vulnerabilities in web applications can be a complicated task. Web applications are often implemented with complicated filters or web application firewalls w...

Exploiting Local File Inclusion using PHP Wrappers

Introduction Local File Inclusion is a common technique used to include contents of a local file within a webpage. In many cases, a vulnerability can occur when a webpage uses user-controlled inpu...

6 things I didn't know Drozer could do

1: Intent Sniffing. Intent sniffing is an attack vector used to capture exposed intents. In certain cases, applications will broadcast intents and will not define any permissions that in need to re...

ZAP Scripting

Zed Attack Proxy (ZAP) is an open-source web application security scanner/proxy that can be used to find vulnerabilities. This blog post is about Zed Attack Proxy’s Scripting capabilities and how i...