How White-Box hacking works: Remote Code Execution and Stored XSS in PhotoShow 3.0
A bit outdated, nevertheless is beautiful in terms of ethical hacking – photoshow is an open source web application with 490 […]
Read More →A bit outdated, nevertheless is beautiful in terms of ethical hacking – photoshow is an open source web application with 490 […]
Read More →In case of multiple Stored XSS with the strict size limitation – consider the following exploitation technique; it would work, even […]
Read More →There is a stored XSS vulnerability in the ‘ntopng web application’ community edition version 4.1.200612. This vulnerability allows a malicious individual […]
Read More →The simplest way of how to find and exploit Data Protection API misconfigurations: Install the demo version of iExplorer tool on […]
Read More →Recently, Lyhin’s Lab decided to take a more challenging application. OroCRM v4.1.6: Has 785 stars and 260 forks on Github PHP […]
Read More →I suppose you want to discover how the pre-defined mobile application interacts with the filesystem and precisely understand what happens on […]
Read More →Why Scipio ERP (v2.0.0): 240 stars on Github Apache-2.0 License Java The mentioned vulnerabilities were found and exploited by Ihor Voschyk […]
Read More →Had an online talk at Practical Cyber Security Day. Presentation: https://lyhinslab.org/media/Lyhin_MATA.pptx Self-explaining screenshot: Related reference: https://lyhinslab.org/index.php/2020/10/17/lifehacks-for-hackers-how-to-audit-mobile-apps/
Read More →We have bad news for vendors whose applications use hardcoded secrets, for example, to create and validate JSON Web Tokens within […]
Read More →In web app security, a large number of clients attack the server. In client app security, the situation is opposite – […]
Read More →