Marcin Probola

░▒▓█ Introduction I've been making php static code analysis tool for a while and few months ago I ran it against ~1000 (more or less)...

BitTorrent Sync WebUI ( Proof of concept video (stealing secrets): PoC exploit uses jQuery global ajax hook (jQuery library is already u...

Another "sprint code review" resulted in many vulnerabilities in *.php.net sites. Short summary: bugs.php.net: SQLi, XSS pe...

During another "sprint code review" session I found a simple XSS in MPOS JSONP handling. MPOS is a web based mining portal for var...

Sometimes webservers don't return "Server" header in HTTP response or return fake value. It doesn't increase security in a...

On php.net website there is "User Contributed Notes" with up/down vote system. There is simple abuse protection mechanism that mak...

Long time ago (28.06.2013) I found XSS bug in http://pear.php.net/support/lists.php. Email parameter was neither validated nor sanitized whi...

Introduction Developer tools that are built in all modern browsers are powerful tools in a skillful hands. In this post I will show you how...

First of all IMO Doctrine2 don't really fits for inserting large amount of data/entities because of its abstraction layer "overhead...

Recently, when I have some spare time, I'm finishing my own project which I hope to release soon. However, apart from that project I hav...