So, a while back I was on the hunt for an open source project that I could play around with to see if I could find some vulnerabilities. I went to Github and checked out trending PHP projects, and HumHub was on the very top, and decided to go with that. Continue reading
This article is a shellshock proof of concept which will explain how this vulnerability can be used to gain reverse shell.
So last night Twitter started lighting up with tweets about a new vulnerability, a 0day, in bash that enabled arbitrary code execution on vulnerable systems. The activity has only escalated since, and the information is now everywhere.
Unicode has brought headaches to developers all around the world. It has caused countless hours of trial and error, sleepless nights and probably a decent amount of hair loss as well. After fine tuning complex patterns it turns out that it doesn’t really work any ways.
If you have ever had to work with regular expressions you have seen patterns like /[a-zA-Z0-9]+/ or /[\w\d]/. There’s nothing wrong with these patterns but if you have to work with unicode string you’re screwed. So through this post I will try and explain as good as possible how to work with unicode character properties in regular expression. Continue reading
In this article we will look at how we can perform two step password hashing using hmac and bcrypt. The approach explained in this post is the same standard used by the Mozilla security team.
Many people might see this as an overkill or think that “my application is so small that I don’t need it”. No matter the scale of your application, as long as you have your system available in the world wide web you are a possible target for attackers. Even though you only have one member on your site that memeber’s security is just as important as if you had 1 billion members. Continue reading
So, you have realized that the way you have hashed your users passwords needs to be updated, but you don’t want to cause any extra trouble for your users by forcing them to change password. In this article I will explain how you can migrate hashed passwords without your users knowing because their password remains the same.
From my previous experience this is one of the main reasons why people are so hesitant of updating their stored hashes. They are afraid what their users will say. So this fear actually in many cases causes systems to remain insecure, and the day they get breached they regret that nothing was done earlier while the users information is leaking all over the internet. Continue reading
Many people just uses PHP’s native functionality blindly thinking that everything will work smoothly, but that isn’t always the case. In this article I will show how we can improve email and url sanitation in PHP. Continue reading
Welcome back to the write up on Over The Wire’s Natas wargame level 5 – 8.
I’ve already described what this wargame is about in the first post, so let’s just get started! Continue reading
Over The Wire is a collection of different war games. The games ranges from beginner to advanced, and is a really nice place to learn about security.
The war game Natas focuses on web application vulnerabilities, and has a total of 26 levels. To advance to the next level you need to solve the current level you’re on.
This article will explain level 0 to 4. So if you don’t want to spoil the solution, you should stop reading now.
Ever wondered how people are able to hack into people’s email, Facebook, Twitter, etc? In this article I will explain how to play the password guessing game. Hopefully this can serve some good as well, and stop you from making the mistake of making easily guessable passwords for yourself. Continue reading
While searching around the web for new nifty tricks I stumbled across this post about how to get remote code exeution exploiting PHP’s mail() function.
Update: After some further thinking and looking into this even more, I’ve found that my statement about this only being possible in really rare cases was wrong. Since this can also be exploited in other scenarios which is much more common than I first thought. So, instead of removing content, I added a strike through on the statements that’s no longer valid, and updated with a 2nd scenario explanation.
First, I must say that this is only going to happen under some really rare circustances. Never the less, it’s really something to think about and keep an eye out for. I will explain an example scenario which I think could be a real life scenario later in this article.
So, when that’s said, let’s have a look at what this is all about. Continue reading