
Friday, 16 September 2016

SQL injection in latest e107 CMS

The bug exists in the admin panel. It can be exploited only when you have admin credentials. Full details are described below...

Tr0ll 1 - CTF

I just finished the Tr0ll CTF. Annoying thing... ;) Big thanks go to Maleus for preparing the game.

Tuesday, 13 September 2016

NullByte 1 - CTF

Yesterday I was playing with another CTF from VulnHub. This time I decided to try NullByte 1...

Sunday, 11 September 2016

6Days Lab CTF

A friend of mine asked me if I know this CTF. I decided to check it during the weekend. Below is a quick review...

Saturday, 10 September 2016

Local resource enumeration via XSS

Probably you all already know how to "Hack Intranet Websites from the Outside" (if not, google for Jeremiah Grossman and RSnake - you can start here - and read about some attacks from 2006 and 2007). ;) There you will find similar usage of JavaScript as you can find below:

DVL Warmup poc

Yesterday I was playing with an old ISO called Damn Vulnerable Linux. If you're learning some binary exploitation, a nice 'warmup exercise' can be found here:

Friday, 9 September 2016

Lord Of The Root - CTF


First of all: big thanks to the author for preparing this CTF. Man, I had no idea that Frodo is a hipster! ;D

Monday, 5 September 2016

Bitbot CTF


In the middle of other activities and projects, I decided to sit down for a while and check another CTF. This time I decided to try Bitbot. Found again on VulnHub – thank you guys. Also big thanks to the author (bwall) for preparing this game! So… Let’s get to work.