Increases the power of PAM steal module.
A year ago we released our PAM steal module. It's the easiest and safest way to steal passwords and perform local privilege escalation. Basically, it catches passwords from sudo/su and local services that use PAM. But...
One more useful PHP class for unserialize() bugs
In a hurry to share a common PHP class for deserialization vulnerabilities. It's the FileCookieJar class of the Guzzle project. Look at its destructor...
New PHP extensions should be hardcoded :)
PHP 6 and PHP 7 are here. Many applications still use blacklist filtering for uploads and other file operations. Note that you should now add ".php6" and ".php7" to these lists. Finally it will...
Using PHPMailer vulnerability to take the session
At the end of 2016 the world was shocked by a remote code execution exploit for PHPMailer. It's a very common third-party library which is used by Drupal, WordPress, Joomla and a number of other top web...