Blog

Study PHP Unserialize Object Injection in Yet Another Stars Rating plugin by using Docker Security Playground

First of all, update DSP laboratory: in <dsp>:8080/repository page, click on Update All Now you should see the lab in /labs section Click on F5 if you are not able to see it. We need to create a live processing way to update between multiple tabs. If it is the first installation, you need to […]

Using Docker Security Playground to create unserialize() Object Injection in Yet Another Stars Rating laboratory

In previous post I’ve describe how it is possible to use Docker in order to setup a Docker environment to study Yet Another Stars Rating wordpress plugin https://wpscan.com/vulnerability/9207. Here I am going to show you how you can configure a vulnerable environment by using Docker Security Playground . Docker Security Playground installation Install DSP is […]

Leveraging Docker + VSCode to study web vulnerabilities

Have you ever studied Docker? If you are a passionate about web hacking, study it! In this Post I am going to persuade you that using Docker to study web vulnerabilities is a good thing! If you want to understand more about this post, please follow Docker Documentation How do you find vulnerabilities? There are […]

CVE-2020-2229 JENKINS UP TO 2.251/LTS 2.235.3 TOOLTIP STORED CROSS SITE SCRIPTING

In this Post, I show how I have create the Proof Of Concept for CVE-2020-2229 . I found a vulnerable version Jenkins 2.249 during a Penetration Test, I was trying to investigate available exploits for this vulnerability, but I did not find anything. Well, Jenkins is an amazing wonderful project, the best way that I […]

Web Application Hacking – An introduction

When trying to find a methodology for performing a Penetration Test against a Web Application (meaning those that are accessed using a browser to communicate with a web browser), one should keep in mind that Hackers’ activities to find new vulnerabilities always involve a great deal of creativity. It is possible, though, to explore all […]

Scroll to top