Correct solution per the screenshot: http://localhost:8080/?password=1&name=\%00readflag/var/www/html/index.php:9$0

Exploiting old vulnerability in Aliens Versus Predator 2 (remastered) tomtombinary.xyz/articles/alien…

PHP8.3 is the new Perl 🤡 ( perlmonks.org/?node_id=495275 )

OVH qui m'arnaque 3000€ avec une facture surprise. Cette PUB c'est pour m'achever ? 😂

Thanks to Zeecka 🥀 for pointing me out Daniel Thatcher's conf. "New Techniques for Split-Second DNS Rebinding" from #BlackHatEurope2023. BH conf blackhat.com/eu-23/briefing… 1/2 intruder.io/research/we-ha… 2/2 intruder.io/research/split…

Introducing a new tool for #PHP filters attacks, #wrapwrap: an algorithm to add an arbitrary prefix and suffix to a PHP resource, improving the exploitation of file read and #SSRF vulnerabilities. ambionics.io/blog/wrapwrap-…

🔥Multiple XSS vulnerabilities in popular CMS Joomla! (CVE-2024-21726) 🔥 PHP bug could be used to bypass sanitization - We just disclosed the technical details behind the recent Joomla vulnerability: sonarsource.com/blog/joomla-mu…

Bien tenté 🙃...

Some stats about aperisolve.com on the last 30 days.

Iconv, set the charset to RCE: in the first blog post of this series, Charles Fol will show a new exploitation vector to get RCE in PHP from a file read primitive, using a bug in iconv() (CVE-2024-2961) ambionics.io/blog/iconv-cve…

I’m happy to share that after more than eight years with the team, I'm now the President of Root-Me. Root-Me is more than just an e-learning platform to me - it's where I learned cybersecurity, met incredible people, and even got my first job in the field of reverse

Sans infra ⚒️, pas de challenges ! Courage à nos Infra-makers pour la dernière ligne droite 💪! La Brosse Adam, Slinky, Raphael (from ICODIA), Ionniz, Sp4rKy (from @Claranet_Fr) et Zeecka 🥀 !

Ruby Rails bump allowing duplicate keys in to_json leading to information disclosure, awesome root cause ✨

A North Korean operative attempted to join Kraken. We had some questions. Is that your final answer❓ Let's hear what he had to say.

Bug bounties ain't just web. Throwback to when Vinnie and I got RCE on Steam Client via a buffer overflow in Server Browser 🚨 Root Cause: 🎯 Wide-char conversion without boundary checks inside serverbrowser.dll leading to stack corruption Exploit: 🪲 Crafted oversized

🍉 The AperiSolve website just got a fresh new look! - ⚙️ RAM doubled - ⚙️ CPU doubled - 😎 Swag doubled Got feedback? Drop a DM or open an issue: github.com/Zeecka/AperiSo… aperisolve.com

This looks nicely written: ifixit.com/News/112008/po…

Huge computer science result: A Tsinghua professor JUST discovered the fastest shortest path algorithm for graphs in 40yrs. This improves on Turing award winner Tarjan’s O(m + nlogn) with Dijkstra’s, something every Computer Science student learns in college.

Bypassing TLS Verification on Nintendo Switch by Yannik Marchand reversing.live/sslbypass.html

💻 After #OSCP & #OSWE, I spent a year on Offset Unlimited to tackle #OSEP & #OSED, earning #OSCE3. 🚀 Also completed: OSWP, OSTH, OSWA, OSIR, OSCC-SEC, OSCC-SJD, KLCP. 🙏 Big thanks to OffSec for the amazing trainings!