In this post we use a challenge from ASISCTF to explain a way to bypass a filter implemented with the preg_match function and execute PHP code.
Power belongs to the people who take it
In this post we will work through the Curling machine from HackTheBox.
It is an easy-level Linux machine where we will face a CMS (Joomla) and see how to escalate privileges using DirtySock.
In this post we’ll see how a website that uses JWT incorrectly allows us to create users with arbitrary data. We will rely on a challenge from TJCTF, specifically the Moar Horse 4 challenge.
A CSRF is exploited through an XSS. In this case we rely on a TJCTF challenge, but the technique is applicable in many areas. This kind of attack shows the danger that XSS poses, as we saw in the post WordPress 5.1 CSRF + XSS + RCE – Poc, where even RCE was achieved.
With this post we continue the writeups, solving the challenges from the online qualifying phase of CyberCamp 2019.
In this case it is a medium-level Cryptography challenge.
© 2024 ironHackers