Lyhins' Lab

LSCP Responsible Disclosure Lab


Temporary LLab suspension

October 25, 2022

This lab is temporarily suspended due to the implications of the military conflict between Russia and Ukraine. New vuln publications are […]


How White-Box hacking works: InvoicePlane – A Lot Of XSS And A Couple Of BAC Vulnerabilities

January 27, 2022

Hi all! InvoicePlane is a self-hosted open source application for managing your quotes, invoices, clients and payments. Looks pretty good, especially […]


Lifehacks for hackers: what certification next?

December 30, 2021

This is a short outcome-focused review of the certification vendors Sam Lyhin had a chance to work with. Offensive Security  As […]


How White-Box hacking works: XSS + CSRF in Arunna

November 29, 2021

Several vulnerabilities were recently discovered by Lyhin’s Lab in Arunna, whose main purpose, as they say, is “connecting the clouds”. […]


Lifehacks for hackers: The value of “No”.

October 28, 2021

When a demanding customer asks a penetration tester to provide the exact commands on how to remediate the issue, what should […]


How White-Box hacking works: Database Leakage on Mini-Inventory-and-Sales-Management-System

September 30, 2021

Legend has it that Ernest Hemingway won a bet by capturing a single screenshot that will make you cry. Latest commit: 8a995dd29dfe1293c62a0237cddca2e4fd8b7f61 Severity: 8.6 (High) […]


Lifehacks for hackers: The “TODAY” reporting model

August 13, 2021

This short article defines the TODAY model, which is a 5-step guide on how to create pen-test reports in an efficient […]


How White-Box hacking works: Remote Code Execution and Stored XSS in PhotoShow 3.0

July 19, 2021

A bit outdated, but nevertheless beautiful in terms of ethical hacking – PhotoShow is an open source web application with 490 […]


Lifehacks for hackers: Split XSS

June 12, 2021

In the case of multiple Stored XSS with a strict size limitation – consider the following exploitation technique; it would work, even […]


How White-Box hacking works: Stored XSS in ntopng

May 13, 2021

There is a stored XSS vulnerability in the ‘ntopng web application’ community edition version 4.1.200612. This vulnerability allows a malicious individual […]


    © S. Lyhin 2023. All rights reserved.