0x03 File Inclusion – Log poisoning to code execution

This article is a part of my file inclusion series. If you do not know about file inclusion vulnerabilities I suggest you…

VerCh – Open Source Web Application Version Checker

I have been working on a project since mid-December called VerCh, short for Version Checker. It’s as simple as it sounds. A…

Things are calming down

This is a really quick update, just to show that the blog is not dead. Finally things are slowing down…

Stressful times

I know that I have been promoting posts, and my file inclusion series around the web, and the third part of…

0x02 File Inclusion – Information harvesting

This article is a part of my file inclusion series. If you do not know about file inclusion vulnerabilities I suggest you…

How I logged your credentials on IRC

So, the other day I was watching the “How I Met Your Girlfriend” videos from DefCon 18. Here Samy Kamkar talked…

Command Line Russian Roulette

Ok, so I had this on my old blog, and I can still see quite a few 404 requests to…

0x01 File Inclusion – The Basics

This is the first article in my series about file inclusion. I will not go into any heavy technical details,…

XSS through Exif headers

In this article we will look at how we can execute XSS through Exif headers. This is a lesser-known entry point that…

Hack.lu ImageUpload write up

In this level of the Hack.lu CTF I had to get the admin credentials to log in and retrieve the flag.
