Marcin Probola

░▒▓█ Introduction I've been making php static code analysis tool for a while and few months ago I ran it against ~1000 (more or less)...

BitTorrent Sync WebUI (<= 1.4.92) is affected by XSS vulnerability that could be exploitable in some rare scenarios. Proof of concept vi...

Another "sprint code review" resulted in many vulnerabilities in *.php.net sites. Short summary: bugs.php.net: SQLi, XSS pe...

During another "sprint code review" session I found a simple XSS in MPOS JSONP handling. MPOS is a web based mining portal for var...

Sometimes webservers don't return "Server" header in HTTP response or return fake value. It doesn't increase security in a...

On php.net website there is "User Contributed Notes" with up/down vote system. There is simple abuse protection mechanism that mak...

Long time ago (28.06.2013) I found XSS bug in http://pear.php.net/support/lists.php. Email parameter was neither validated nor sanitized whi...

Introduction Developer tools that are built in all modern browsers are powerful tools in a skillful hands. In this post I will show you how...

First of all IMO Doctrine2 don't really fits for inserting large amount of data/entities because of its abstraction layer "overhead...

Recently, when I have some spare time, I'm finishing my own project which I hope to release soon. However, apart from that project I hav...