Collaborate Disseminate
I was doing a penetration test on a Moodle site version 3.10.4 (For educational purposes)
I gained access to administrator panel, however, apache doesn’t have access to the plugins dir, so I can’t upload shell using Plugins section inside … Continue reading Inject PHP code inside a Moodle site [closed]
I’m setting up an Apache 2.4 server on Ubuntu 20.04 LTS, and following all CSI Benchmarks recommendations to secure it.
The CSI recommends configuring AppArmor and generating a profile for Apache2 to restrict what it can and cannot access … Continue reading Best profile for Apache2 + PHP-FPM on AppArmor
I’ve found this PHP library for detecting/guessing the language of a given string: https://github.com/patrickschur/language-detection
I would have massive use of this. I would really like to use it.
But I cannot.
All I can think is this:
… Continue reading What to do when you simply cannot trust anyone or anything anymore?
In the past few days, I have created my own webserver to serve as my sandbox for learning pen-testing. I saw this blog (https://outpost24.com/blog/from-local-file-inclusion-to-remote-code-execution-part-1) and wanted to attempt something s… Continue reading How does Local File Inclusion (LFI) work?
I know it’s possible to embed phar archives into jpeg images but is it also possible to do so with PNG images? I am testing a php application that securely checks if an image is a valid PNG image however it calls vulnerable filesystem func… Continue reading Is it possible to embed a phar archive into a PNG image?
I am improving the security on my php website. I am not using any frameworks or cms. The credentials are currently stored in plain text in the relevant php files. While researching, I came across this question Why use .ENV? What’s wrong wi… Continue reading What is the most up-to-date secure method for storing .ENV variables?
On a nginx web-server running the following config is to possible to change $_SERVER[‘REMOTE_ADDR’] remotely?:
user www;
pid /run/nginx.pid;
error_log /dev/stderr info;
events {
worker_connections 1024;
}
http {
server_tokens off… Continue reading Changing $_SERVER[‘REMOTE_ADDR’] remotely
I have a web server I am trying to root and there is an exposed php-cgi.exe executeable that when accessed returns the following:
Any help would be greatly appreciated.
Continue reading Any exploitation route from exposed php-cgi.exe executable via apache? [closed]
I’m currently working on a website and want to prevent characters being inputted, i am using following code
if (!preg_match("/^[a-zA-Z0-9_!,()& -\/]*$/"
is it possible to exploit this and if so how? would like to know ways t… Continue reading Is it possible to exploit preg_match similar to preg_replace PHP?
I have a scenario where I’m testing for injection points but the authentication form has a challenge token that refreshes with each GET. The credentials are sent in a POST accompanied by that challenge token received in the previous GET to… Continue reading Multi stage/request SQLmap with challenge