Saturday, November 21, 2015
PHP static code analysis vs ~1000 top wordpress plugins = 103 vulnerable plugins found
Introduction: I've been making a PHP static code analysis tool for a while, and a few months ago I ran it against ~1000 (more or less)...
Monday, December 29, 2014
BitTorrent Sync WebUI XSS vulnerability
BitTorrent Sync WebUI (<= 1.4.92) is affected by an XSS vulnerability that could be exploitable in some rare scenarios. Proof of concept vi...
Monday, June 23, 2014
Multiple vulnerabilities in bugs.php.net, pecl.php.net, master.php.net and gtk.php.net
Another "sprint code review" resulted in many vulnerabilities in *.php.net sites. Short summary: bugs.php.net: SQLi, XSS pe...
Tuesday, June 10, 2014
MPOS (cryptocurrencies mining portal) XSS
During another "sprint code review" session I found a simple XSS in MPOS JSONP handling. MPOS is a web based mining portal for var...
Tuesday, April 22, 2014
Apache fingerprinting with icons directory
Sometimes web servers don't return the "Server" header in the HTTP response, or return a fake value. It doesn't increase security in a...
Monday, April 21, 2014
Abusing PHP.net "User Contributed Notes" up/down voting system easier
On the php.net website there is a "User Contributed Notes" section with an up/down vote system. There is a simple abuse protection mechanism that mak...
A long time ago (28.06.2013) I found an XSS bug in http://pear.php.net/support/lists.php. The email parameter was neither validated nor sanitized whi...
Sunday, September 1, 2013
Introduction: Developer tools that are built into all modern browsers are powerful tools in skillful hands. In this post I will show you how...
Saturday, August 3, 2013
Doctrine2 (PHP): inserting large amount of entities
First of all, IMO Doctrine2 doesn't really fit inserting large amounts of data/entities because of its abstraction layer "overhead...
Monday, July 22, 2013
In the meantime...
Recently, whenever I have some spare time, I've been finishing my own project, which I hope to release soon. However, apart from that project I hav...