Red wilds
PHP serialisation
Privacy greenhouse
Defence blues
Purple crossroads
Indigo observatory
Contact
Initializing search
Red wilds
Unseen University Power & Light Co.
The Scarlet Semaphore
Myrddin’s menagerie
In:
Where the falcons and foxes roam
In:
Where the falcons and foxes roam
A canopy of apple-
blossom
A canopy of apple-
blossom
Field notes from the fragrant branches of web app exploitation
Web application attack runbooks
Web application attack playbooks
Portswigger Academy labs:
Controlled burn
Root-
me:
Orchard foraging
Root-
me:
Orchard foraging
Root-
Me Web client challenges
Root-
Me Web server challenges
Root-
Me Web server challenges
Insecure code management
Directory traversal
File upload:
null byte
PHP assert
()
PHP Filters
PHP Register globals
JWT Introduction
JWT
(not) revoked token
JWT weak secret
Python:
Server-
side Template Injection Introduction
Command injection:
filter bypass
Java:
Server-
side Template Injection
(SSTI)
Local file inclusion
Local file inclusion:
double encoding
PHP preg_
replace
PHP type juggling
SQL injection:
authentication
SQL injection:
string
XSLT code execution
PHP path truncation
PHP serialisation
SQL injection:
numeric
SQL injection:
routed
SQL truncation
XPath injection:
authentication
SQL injection:
time-
based
Petals and pentesting priorities
Social engineering
Where wild boars plough through endpoints
Wolverines do not ask for permissions
Riches in the ground
The device is just the keyring
Poking physics with network packets
Through:
Where the raccoons burrow and rummage
Out:
Where squirrels swipe the crown jewels
PHP serialisation
¶
root-me challenge PHP - Serial
: Get administrator access.
Back to top
