Dangerous PHP Functions

I have seen some blog posts regarding the “Bypassing Disable_Functions in PHP” and I decided to dig some more to better understand all of the bypasses around and also focus on how to disable dangerous php functions. Here is the quick summary what you can do with php functions. system : immediately shows all output, … Read moreDangerous PHP Functions

White Box Testing Tomcat and Struts

Tomcat is always an easy target and low hanging fruit in a pentest and I always aim to scan the network for port 8080 as tomcat runs by default on this port. If you are lucky enough, you can login to the “Manager App” with default credentials and upload a .war file to get shell … Read moreWhite Box Testing Tomcat and Struts

White Box Testing Jenkins

I generally install vulnerable web applications to my 64bit Ubuntu 16.04 machine to better understand the structure of the web applications and vulnerabilities. It is more like white-box approach. If you don’t know well about the web application you are auditing, you can easily get familiar with this method. In this post, I am going … Read moreWhite Box Testing Jenkins

Jenkins Script Console Code Exec & Reverse Shell & Java Deserialization

You can often come across with Jenkins Script Console without any authentication.Here you can find the some code execution scripts which can help you to run some commands and even get a reverse shell depending on the Operating System version. Jenkins Code Execution via Script Console Getting Reverse Shell on Linux Machine We can simply … Read moreJenkins Script Console Code Exec & Reverse Shell & Java Deserialization

ASP Razor Basic Code Execution

What is Razor ? Razor is a markup syntax that lets you embed server-based code (Visual Basic and C#) into web pages. Razor is based on ASP.NET, and designed for creating web applications. It has the power of traditional ASP.NET markup, but it is easier to use, and easier to learn. For more information, please … Read moreASP Razor Basic Code Execution