Skip navigation.

Raphael's Blog

A look into a programmer's life

Posts tagged with "security"

PHPIDS bypass of the day

Saturday, 10. January 2009, 03:26:55

,

What to do when bored and reading the latest blog posts from The Spanner?
Once again I read about a PHPIDS bypass so I tried to find a way to bypass it too, so here it is:


you=this
,the=('a\
ler\
t'),you=you[the]
you('hello world \
by Raphael Geissert \
based on example by\
Gareth Heyes\
')
,/abc abc\
abc abc abc\
abc\
/,/abc abc\
abc abc abc\
abc\
/

No comments

two OpenXSS advisories on their way to the public knowledge

Tuesday, 30. September 2008, 01:17:30

, ,

It is just a matter of time for the first two advisories to appear either at CVE's database or at BugTraq. I know I promised at least three of them, but I haven't found enough time to write the third one. There might be some others, it just depends on how much more time I want to spend/waste (depends on the POV) trying to understand wordpress' code, wiki-related code, and other similar code.

Read more...

No comments

"OpenID" (a.k.a. OpenXSS) implementations...

Thursday, 25. September 2008, 01:47:07

, , ,

I have just took a quick look at yet another OpenID-related php script which is, just like the others I've seen, open to XSS attacks.

Read more...

4 comments

opendns: using Debian (bonus: old php5 package being used)

Wednesday, 12. September 2007, 00:28:38

, , ,

After taking a look at some links I found out that OpenDNS is using Debian.

Read more...

No comments

VHCS2 SQL Injection vulnerability

Tuesday, 21. August 2007, 02:26:11

,

Just found a SQL Injection vulnerability in VHCS2 2.4.7.1:

Read more...

No comments

1 2 Next »

Showing posts 1 - 5 of 8.

PHP, Webmasters and Development

  • HTTP Protocol

    The HTTP protocol specs at the World Wide Web Consortium

  • Text Link Ads

    Make money by placing text links

  • chainki

    The world's biggest collection of links that anyone can edit

Projects and others

  • KCheckGMail

    A GMail Notifier for KDE

  • PhishTank

    Out of the Net, into the Tank

  • BadVista

    The Free Software Foundation campaign opposing Microsoft Vista adoption and spotlighting free software alternatives

  • My Debian Packages Overview

    QA overview page for my Debian packages

  • My page at Debian's Wiki

    Some more Debian-specific information about myself

  • Debian

    Debian is a free operating system (OS) for your computer.Debian GNU/Linux provides more than a pure OS: it comes with over 18733 packages, precompiled software for easy installation on your machine.

  • Project Honey Pot

    Distributed system for identifying spammers and the spambots they use to scrape addresses from your website.

Useful resources