Facebook CTF 2019 : pdfme Writeup
This challenge was part of Facebook CTF . Looking at the challenge tab, the following information is provided: The goal of this challenge is the exploit the PDF conversion service seen below. ...
This challenge was part of Facebook CTF . Looking at the challenge tab, the following information is provided: The goal of this challenge is the exploit the PDF conversion service seen below. ...

This walkthrough shows the process I used to capture and complete some systems within the Pentestit v12 test lab. This walkthrough contains my field notes I took when I was working through the box....

This walkthrough is a guide on how to exploit HTB Active machine. A quick nmap scan of the target system reveals the following information. The arguement -p- can also be used to scan the entire por...
Often when looking for Stored Cross-site scripting (XSS) vulnerabilities, file upload functionalities can be targeted. This will include trying to upload an HTML file or a Flash SWF file that conta...
Open-source intelligence (OSINT) refers to techniques used to collect data from publicly available sources that can be used for enumeration or attacking a target further. This blog post will provid...
This advisory discloses a CSRF vulnerability that exists in phppgadmin/phppgadmin. The details that was sent to the maintainer can be seen here: phppgadmin%20CSRF%20Vulnerability.pdf CSRF Introduc...
The HTML <a> element, also known as anchor element is used within webpages to create an hyperlink to another resource. The anchor tag can also be specified with several attributes, one of the...
Notes related to RipsTech PHP Security Calendar 2017 which aren’t accessible anymore. Challenge 1 - Wishlist class Challenge { const UPLOAD_DIRECTORY = './solutions/'; private $file; ...
Socat is a network swiss army knife utility and it is very similar to Netcat. However, Socat has many additional features that makes it a better alternative to Netcat. Socat also has advanced featu...
Reflected Cross-Site Scripting The host regex parameter of the Ganglia Web 3.7.2 application was determined to be vulnerable to Reflected Link Cross Site Scripting (XSS) attacks. These could potent...