Introducing lightyear: a new way to dump PHP files PHP filter chains are, in my opinion, an amazing research subject, as they seem to offer an infinite... 2024-11-4 16:0:0 | 阅读: 7 | 收藏 | Ambionics - www.ambionics.io digit iconv 4a 5a dechunk

Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 3) A few months ago, I stumbled upon a 24 years old buffer overflow in the glibc, the base library for... 2024-9-30 15:0:0 | 阅读: 9 | 收藏 | Ambionics - www.ambionics.io php brigade buckets memory 0x400

Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 2) A few months ago, I stumbled upon a 24 years old buffer overflow in the glibc, the base library for... 2024-6-17 15:0:0 | 阅读: 17 | 收藏 | Ambionics - www.ambionics.io php iconv rcube rcmail roundcube

Scalpel: a Burp Suite extension to edit HTTP traffic, in Python 3 Scalpel is a Burp extension for intercepting and rewriting HTTP traffic, either on the fly or in the... 2024-6-5 20:0:0 | 阅读: 24 | 收藏 | Ambionics - www.ambionics.io burp scalpel python encryption repeater

Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine A few months ago, I stumbled upon a 24 years old buffer overflow in the glibc, the base library for... 2024-5-27 15:0:0 | 阅读: 5 | 收藏 | Ambionics - www.ambionics.io iconv php utf7 855 buckets

Introducing wrapwrap: using PHP filters to wrap a file with a prefix and suffix wrapwrap marks another improvement to the PHP filter exploitation saga. Adding arbitrary prefixes to... 2023-12-11 07:0:0 | 阅读: 4 | 收藏 | Ambionics - www.ambionics.io iconv php digit triplet payload

Owncloud: details about CVE-2023-49103 and CVE-2023-49105 On November 21th 2023, Owncloud released a new version patching two vulnerabilities (1 and 2) we rep... 2023-12-4 07:0:0 | 阅读: 6 | 收藏 | Ambionics - www.ambionics.io oc owncloud dav verifier

Unserializable, but unreachable: Remote code execution on vBulletin In late August of 2022, we reported a pre-authentication remote code execution vulnerability to vBul... 2023-1-31 16:0:0 | 阅读: 24 | 收藏 | Ambionics - www.ambionics.io vb vbulletin datamanager php unserialize

Blind exploits to rule WatchGuard firewalls AbstractIntroductionInitial footholdAttack surfaceXML-RPC parsingVulnerability #1: Blind alphanumeri... 2022-8-29 06:0:0 | 阅读: 14 | 收藏 | www.ambionics.io realloc 2gb fig arena mmapped

Hacking Root-Me: SPIP SQL injection leading to RCE (challenge) SPIP version 4.0.1 was released on Wednesday, December 15 2021, in order to patch a vulnerability in... 2022-1-12 07:0:0 | 阅读: 10 | 收藏 | Ambionics - www.ambionics.io spip g0uz hiring security hesitate

PHP-FPM local root vulnerability IntroductionOverview of the bugOverview of PHP-FPMMain process and workersScoreboardsIPC through SHM... 2021-10-25 19:29:40 | 阅读: 131 | 收藏 | www.ambionics.io php procs memory zcg crash

PHP-FPM local root vulnerability IntroductionOverview of the bugOverview of PHP-FPMMain process and workersScoreboardsIPC through SHM... 2021-10-21 07:0:0 | 阅读: 7 | 收藏 | www.ambionics.io php procs memory zcg crash

Laravel <= v8.4.2 debug mode: Remote code execution In late November of 2020, during a security audit for one of our clients, we came accross a website... 2021-1-12 08:0:0 | 阅读: 11 | 收藏 | www.ambionics.io 00a php 00b payload 00q

Remote code execution on Sqreen: exploiting the microagent When Charles reached out to me to disclose this issue, we decided to react with one goal in mind: pr... 2020-11-19 17:00:00 | 阅读: 16 | 收藏 | www.ambionics.io sqreen binaryvalue bv python ary

Secret fragments: Remote code execution on Symfony based websites Since its creation in 2008, the use of the Symfony framework has been growing more and more in PHP b... 2020-10-19 07:00:00 | 阅读: 22 | 收藏 | www.ambionics.io symfony fragment php ezpublish

Breaking PHP's mt_rand() with 2 values and no bruteforce While performing a pentest on an old website, we encountered a piece of code that we had not seen in... 2020-01-06 18:20:00 | 阅读: 16 | 收藏 | www.ambionics.io php scrambled twist s227 undo

Magento 2.2.0 <= 2.3.0 Unauthenticated SQLi After attacking PrestaShop several months ago, my next target of choice was another eCommerce platfo... 2019-06-10 13:13:13 | 阅读: 34 | 收藏 | www.ambionics.io fieldname magento

Magento 2.2.0 <= 2.3.0 Unauthenticated SQLi After attacking PrestaShop several months ago, my next target of choice was another eCommerce platfo... 2019-3-28 23:0:0 | 阅读: 10 | 收藏 | www.ambionics.io fieldname magento

Exploiting Drupal8's REST RCE Once again, an RCE vulnerability emerges on Drupal's core. This time it is targeting Drupal 8's REST... 2019-02-23 02:00:00 | 阅读: 17 | 收藏 | www.ambionics.io drupal hal unserialize

PrestaShop 1.6 Privilege Escalation Instead of using the usual PHP session ID and storing data locally, PrestaShop stores session data i... 2018-07-16 17:20:00 | 阅读: 14 | 收藏 | www.ambionics.io crc prestashop k1 k0 kvp