php_sec

Fear the EAR Vuln

Fear the EAR (Exit After Redirect) is a simple yet often overlooked vulnerability that can allow authentication bypass. This short post walks through the discovery process, how I exploited the issue, and how it was responsibly reported back to the program.

From academic research to LFD critical vulnerability

Local file inclusion can be used by developers to retrieve files in the current working directory; however, when an attacker locates the vulnerable endpoint, he can jump directories to read sensitive system files. This is what happened while I was conducting my usual academic work, until I observed this LFI!