Marcin Probola

Saturday, November 21, 2015

PHP static code analysis vs ~1000 top wordpress plugins = 103 vulnerable plugins found

›
░▒▓█ Introduction I've been making php static code analysis tool for a while and few months ago I ran it against ~1000 (more or less)...
198 comments:
Monday, December 29, 2014

BitTorrent Sync WebUI XSS vulnerability

›
BitTorrent Sync WebUI ( Proof of concept video (stealing secrets): PoC exploit uses jQuery global ajax hook (jQuery library is already u...
12 comments:
Monday, June 23, 2014

Multiple vulnerabilities in bugs.php.net, pecl.php.net, master.php.net and gtk.php.net

›
Another "sprint code review" resulted in many vulnerabilities in *.php.net sites. Short summary: bugs.php.net: SQLi, XSS pe...
3 comments:
Tuesday, June 10, 2014

MPOS (cryptocurrencies mining portal) XSS

›
During another "sprint code review" session I found a simple XSS in MPOS JSONP handling. MPOS is a web based mining portal for var...
3 comments:
Tuesday, April 22, 2014

Apache fingerprinting with icons directory

›
Sometimes webservers don't return "Server" header in HTTP response or return fake value. It doesn't increase security in a...
2 comments:
Monday, April 21, 2014

Abusing PHP.net "User Contributed Notes" up/down voting system easier

›
On php.net website there is "User Contributed Notes" with up/down vote system. There is simple abuse protection mechanism that mak...
1 comment:

pear.php.net XSS

›
Long time ago (28.06.2013) I found XSS bug in http://pear.php.net/support/lists.php. Email parameter was neither validated nor sanitized whi...
Sunday, September 1, 2013

Crawling and parsing web pages in javascript directly from your web browser

›
Introduction Developer tools that are built in all modern browsers are powerful tools in a skillful hands. In this post I will show you how...
58 comments:
Saturday, August 3, 2013

Doctrine2 (PHP): inserting large amount of entities

›
First of all IMO Doctrine2 don't really fits for inserting large amount of data/entities because of its abstraction layer "overhead...
1 comment:
Monday, July 22, 2013

In the meantime...

›
Recently, when I have some spare time, I'm finishing my own project which I hope to release soon. However, apart from that project I hav...
5 comments:
›
Home
View web version
Powered by Blogger.