Category: Exploitation

Simple Fix for Login Bypass Vulnerability on PHP Application

Before we’re started, let’s getting know about this vulnerability and this bug is almost same with SQL Injection, so this vulnerability letting user directly login to sites without exploiting any other vulnerability. Several Injection Strings: ‘=”or’ ‘ or 1=1 or ”=’ ‘ or 1=1- ‘ or 1=1# Then, how we patching that vulnerability? I will…

July 19, 2018
Capturing and Cracking WPA on macOS

Capturing & Cracking WPA on macOS? maybe I just use the excellent VirtualBox images of Kali Linux from Offensive Security and aircrack-ng. but I just forgotten that: Using advanced wireless features is impossible from a virtual machine Even if he used Kali Linux with a dual boot, installing the wireless drivers to make it work…

July 19, 2018
SQL Injection

SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. Now many websites are built using PHP and…

May 9, 2018
Hidden Uploader

So many technique that can accessing server via website like SQLi and Hidden Uploader, hidden uploader is a file containing function to upload data that can triggered from the live web or remote exploiting. This is caused because some Administrator that don’t know about program, making the sites vulnerable but this is need a great…

May 8, 2018
Drupal RCE bug

Hackers have started exploiting a recently disclosed critical vulnerability in Drupal shortly after the public release of working exploit code. Three weeks ago, Drupal security team discovered a highly critical remote code execution vulnerability, dubbed Drupalgeddon2, in its content management system software that could allow attackers to completely take over vulnerable websites. To address this…

April 28, 2018