Viktor Markopoulos

May
19

Gaining access through error-based SQLi using WebSockets

IntroductionIn the previous Pwning the portal blog post, we extracted the source code of a corporate login portal through a
4 min read
Jan
12

Pwning the portal: from database dump to session hijacking

IntroductionI find that doing bug hunting and responsible disclosure is a nice practical way to “learn by doing” for beginners
5 min read
Oct
15

Misusing BeyondTrust Remote Support Leads To Data Exposure

BeyondTrust (former Bomgar) is a security firm, offering access management solutions to a large number of companies, “including half of
4 min read
Sep
08

Hacking WordPress Plugins Part 2 - Open Redirect [CVE-2021-24288]

AcyMailing is a newsletter subscription WordPress plugin with more than 30.000 total downloads and more than 5.000 active
4 min read
Aug
17

Hacking WordPress Plugins - Authenticated Shell Upload [CVE-2021-24347]

SP Project & Document Manager is a WordPress plugin developed by Smarty Pants, with over 301.000 downloads and over
4 min read