exploit code | Offensive Security

Analyzing a Creative Attack Chain Used to Compromise a Web Application

What if someone was able to access and steal your company’s intellectual property or customer data? These are the types of concerns Chief Information Security Officers lose sleep over. Despite conducting frequent and independent security audits, even the most security focused organizations can remain susceptible to the latest vulnerabilities and attacks.

Today, most organizations handle sensitive personal and business data in web based applications, and as a result, allocating resources towards vulnerability mitigation isn’t a choice anymore, it’s a must.

In this piece, we’ll analyze a creative scenario where a malicious actor can use an attack chain to exploit a web application via Simple Network Management Protocol (SNMP) > Cross-site scripting (XSS) > Remote Code Execution (RCE).

PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit

An interesting submission to EDB today from the guys at http://www.nullbyte.org.il – a PHP 6.0 0day buffer overflow.

Offsec Flex Program

Flexible training programs for organizations of all sizes.

Offsec Academy

Virtual PWK training and 1:1 mentoring with OffSec experts

Tag: exploit code

Analyzing a Creative Attack Chain Used to Compromise a Web Application

PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit

Courses and Certifications

Start Here

Penetration Testing with Kali Linux (PWK)

AdvancedFor Web

Advanced Web Attacks & Exploitation (AWAE)

AdvancedFor Pentest

Cracking the Perimeter (CTP)

Expert Level ForExploit Developers

Advanced Windows Exploitation (AWE)

Network Security

Wireless Attacks(WiFu)

We provide the top Open Source penetration testing tools for infosec professionals.

Flexible training programs for organizations of all sizes.

Virtual PWK training and 1:1 mentoring with OffSec experts

Advanced
For Web

Advanced
For Pentest

Expert Level For
Exploit Developers

Wireless Attacks
(WiFu)