iThemes Security 4.6.12 – Stored XSS

Last month I found a stored xss vulnerability in the popular WordPress security plugin iThemes Security. I have since then been emailing back and forth with them and they have now released an version which fixes the issue.

It was really a nice experience working with them, and they kept me updated on every part of the process.

After the new version were out, I wrote an advisory which is published on

Fun with grep and command injection in web applications

I wrote this for

The past days I have been playing around with command injection vulnerabilities when grep is used in web applications in combination with user controlled input, and possible ways to bypass different filters etc. In this article I will write about what I have found.

“Why?!”, you may ask. The reason why I decided to spend time on this is because, when searching for command injection on Google most of the examples that comes up is about pinging hosts and very little about other methods.

Today’s learning’s – More overflows, ret2libc, opcode and more

This post is a part of my “Today’s Learning’s”  series. If you’re interested in, or wonder why, I’m writing these posts please read my article named “My Journey Through 2015“.

So! Another day, more learning. Today has been a really good day for me. I’m still working on the Protostar Stack exercises, and this time I learned about how to do basic debugging of shellcode by using the opcode for INT3 debugger trap instruction. Also learned how to bypass No-eXecute (NX) protection using return to libc (ret2libc) method, and more…

Continue reading Today’s learning’s – More overflows, ret2libc, opcode and more

Today’s learning’s – Buffer overflow, gdb, and more

Welcome to the first article in my “today’s learning’s” series. Last night and today I have been working on the Stack exercises in Protostar from So far I’ve solved Stack 0 through 3. These exercises covers the basics of stack based buffer overflow vulnerability, and each exercise teaches you something new about it.

Even though they all have individual goals, I have set one goal myself which is to gain root shell as well as solving it as first intended.

Continue reading Today’s learning’s – Buffer overflow, gdb, and more

Installing, configuring and hardening Weechat on Linux

It’s sad to say, but the reality these days is that you can never feel safe anywhere. Not even online chatting with your friends. There are several default configurations that help disclosing sensitive information about you and the system you are running. This information can be of great value to malicious users. So in this article I will describe some steps you can take to feel a tiny bit more safe. Continue reading Installing, configuring and hardening Weechat on Linux

0x03 File Inclusion – Log poisoning to code execution

This article is a part of my file inclusion series. If you do not know about file inclusion vulnerability I suggest you read my introductory article on the topic.

In this article I will explain how we, in some scenarios, can use different types of logs on a server to gain remote execution and, in the end, shell access. This method is called log poisoning, and is the process of infecting a log file with malicious code. We can then use local file inclusion to load this code and execute arbitrary commands on the system.

This post is an extension of an old blog post I wrote which is now dead. So I’m bringing it back to life.
Continue reading 0x03 File Inclusion – Log poisoning to code execution

Things are calming down

This is a really quick update, just to show that the blog is not dead. Finally things are slowing down around here. No longer living in a maze of cardboard boxes and plastic bags and christmas is over. It’s been a hectic month, but now I’ve finally got time to sit down and work on my blog.

I’ve written some more on part 3 of my file inclusion series, and I expect to post it very soon, hopefully tomorrow.

I hope everyone has had a great christmas, and enjoyed the holiday with family and good friends.