Tutorials

Exploitation of Opendreambox – Remote Code Execution

The OpenDreambox project aims to bring an open and extensible image to the Dreambox receivers and to provided viable alternatives to other images that are kept closed-source by their authors. In this OpenDreambox Project, there is a webadmin module which is vulnerable to Remote Code Execution vulnerability through which you can perform command injection via […]

Tutorials

[Code Execution] – preg_replace() PHP Function Exploitation

Today we’re gonna exploit one of the most popular PHP function i.e. preg_replace() which is used by many developers and can further lead to a Code Execution vulnerability. The preg_replace() function operates just like POSIX function ereg_replace(), except that regular expressions can be used in the pattern and replacement input parameters. Here, we’ve a simple […]

Tutorials

[Exploitation] Apache Struts OGNL Code Execution Vulnerability – CVE-2017-9791

Apache Struts Framework is one of the most popular framework for developing java based web applications and is widely used by so many big companies. Apache Struts has been started in year 2000 with version Apache Struts 1 which was a big success and after exactly 7 years, they’ve released Apache Struts 2. Last year […]