Gaining access through error-based SQLi using WebSockets
IntroductionIn the previous Pwning the portal blog post, we extracted the source code of a corporate login portal through a
Pwning the portal: from database dump to session hijacking
IntroductionI find that doing bug hunting and responsible disclosure is a nice practical way to “learn by doing” for beginners
Misusing BeyondTrust Remote Support Leads To Data Exposure
BeyondTrust (former Bomgar) is a security firm, offering access management solutions to a large number of companies, “including half of
Hacking WordPress Plugins Part 2 - Open Redirect [CVE-2021-24288]
AcyMailing is a newsletter subscription WordPress plugin with more than 30.000 total downloads and more than 5.000 active
Hacking WordPress Plugins - Authenticated Shell Upload [CVE-2021-24347]
SP Project & Document Manager is a WordPress plugin developed by Smarty Pants, with over 301.000 downloads and over