How to prevent absolute path traversal in EasyPHP Webserver 14.1

In the EasyPHP Webserver 14.1 software, there is an Absolute Path Traversal vulnerability in the dashboard index.php page.
https://www.exploit-db.com/exploits/51430
I reviewed the source code and tried to look for the vulnerable code but I…

Any Windows/NTFS trick to ignore/cancel out a file extension from a path?

I am pentesting an application. The application exposes a SOAP API, which I have access to, and internally that API makes the following call:
File.Open("C:\Resources\"+resName+".res", FileMode.Open)

The contents of tha…