Ambionics

follow: @[email protected]

Posts

Introducing lightyear: a new way to dump files in PHP

Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 3)

Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 2)

Scalpel: a Burp Suite extension to edit HTTP traffic, in Python 3

Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)

Introducing wrapwrap: using PHP filters to wrap a file with a prefix and suffix

Owncloud: details about CVE-2023-49103 and CVE-2023-49105

Unserializable, but unreachable: Remote code execution on vBulletin

Blind exploits to rule WatchGuard firewalls

Hacking Root-Me: SPIP SQL injection leading to RCE (challenge)

PHP-FPM local root vulnerability (CVE-2021-21703)

Laravel <= v8.4.2 debug mode: Remote code execution

Remote code execution on Sqreen: exploiting the microagent

Secret fragments: Remote code execution on Symfony based websites

Breaking PHP's mt_rand() with 2 values and no bruteforce

Magento 2.2.0 <= 2.3.0 Unauthenticated SQLi

Exploiting Drupal8's REST RCE

PrestaShop 1.6 Privilege Escalation

PHP Generic Gadget Chains: Exploiting unserialize in unknown environments

Oracle PeopleSoft Remote Code Execution: Blind XXE to SYSTEM Shell

TYPO3 News module SQL Injection

Drupal 7.x Services module unserialize() to RCE

Grails PDF Plugin XXE

CVE-2016-9838 - Joomla! Account Takeover & Remote Code Execution