Hey, today I’ll talk about security and more specifically pentesting once again. I feel lucky these days because I feel I learn new things at least every week. Today I’ll talk about server-side JavaScript, but not on MongoDB; rather, I’ll speak about GatewayScript, which is a proprietary language by IBM. GatewayScript GatewayScript is used mainly …
Hey, so I’ve been doing some follow-up research on the vulnerability I found in Smarty and I’ll be doing a quick post on what I found, with the conditions needed to trigger it. Version affected So I’m not finished with the testing, obviously, but there were some weird things, such as the fact that …
Hi, today I’ll do a quick article to talk about Smarty PHP and I’ll reveal something I found in the template library that could be a 0day. What’s Smarty? Smarty is a PHP library allowing the use of templates in PHP. It is a library widely used in PHP development, MVC and so on. …
Hey, today I’ll do a quick article since I’m very busy these few days. I’ll talk about server-side includes and how to exploit them. What’s an SSI? A server-side include (SSI) is a server-side scripting language used almost exclusively for the web. The most used feature of SSI is the ability to include …