• Training
    • Courses and Certifications
    • Learn Subscriptions
    • Product Pricing
    • Discount Programs
  • Proving Grounds (Hosted Labs)
    • Proving Grounds Play and Practice
    • Proving Grounds for Teams and Orgs
    • User-Generated Content
  • Kali and Community
    • Kali Linux Downloads
    • OffSec Community
    • Official OffSec Discord
  • Security Services
    • OffSec for Orgs
    • OffSec Federal
    • OffSec for Education
    • Penetration Testing Services
  • Global Partners
    • Work with a Partner
    • Partner with OffSec
    • Education Partners
    • Learning Partners
    • Channel Partners
    • Partner Portal
  • Resources
    • Blog
    • FAQ
    • Careers
    • OffSec Live
    • OffSec Webinars
    • OffSec Podcast
    • Join Our Email List
    • Official OffSec Swag
  • About OffSec
    • Leadership Team
    • Our Core Values
    • Bug Bounty Program
    • Contact Us
  • Register for a Course
  • Register for a Course
  • Courses
    • Learn Subscriptions
    • Pentesting Prerequisites (PEN-100)
    • Web App Security Basics (WEB-100)
    • Security Operations for Beginners (SOC-100)
    • Penetration Testing with Kali Linux (PEN-200)
    • Offensive Security Wireless Attacks (PEN-210)
    • Evasion Techniques and Breaching Defenses (PEN-300)
    • Web Attacks with Kali Linux (WEB-200)
    • Advanced Web Attacks and Exploitation (WEB-300)
    • Windows User Mode Exploit Development (EXP-301)
    • macOS Control Bypasses (EXP-312)
    • Advanced Windows Exploitation (EXP-401)
    • Cracking the Perimeter (CTP)
    • Security Operations and Defensive Analysis (SOC-200)
    • Courses and Certifications Overview
  • Certifications
    • OSCP Certified Professional
    • OSWP Wireless Professional
    • OSEP Experienced Penetration Tester
    • OSWA Web Assessor
    • OSWE Web Expert
    • OSED Exploit Developer
    • OSMR macOS Researcher
    • OSEE Exploitation Expert
    • OSCE Certification
    • OSDA Defense Analyst
  • Proving Grounds (Hosted Labs)
    • Proving Grounds Play and Practice
    • Proving Grounds for Teams and Orgs
    • User-Generated Content
  • Security Services
    • OffSec Academy
    • OffSec for Orgs
    • OffSec Federal
    • OffSec for Education
    • Penetration Testing Services
    • Advanced Attack Simulation
    • Application Security Assessment
  • Global Partners
    • Work with a Partner
    • Partner with OffSec
    • Education Partners
    • Learning Partners
    • Channel Partners
    • Partner Portal
  • About OffSec
    • Why OffSec
    • Try Harder Ethos
    • Leadership Team
    • Blog
    • Bug Bounty Program
    • Contact Us
  • Kali and Community
    • OffSec Community
    • Kali Linux
    • Kali Linux VM Downloads
    • Kali NetHunter
    • VulnHub
    • Exploit Database
    • Google Hacking Database
    • Metasploit Unleashed
    • Official OffSec Discord
  • Resources
    • Product Pricing
    • FAQ
    • OffSec Webinars
    • OffSec Podcast
    • Careers
    • Join Our Email List
    • Official OffSec Swag
Offensive Security
  • Courses &
    Certifications
    • Penetration Testing
      • Pentesting Prerequisites (PEN-100)
      • PEN-200 and the OSCP certification
      • PEN-210 and the OSWP certification
      • PEN-300 and the OSEP certification
    • Web Application
      • Web App Security Basics (WEB-100)
      • WEB-200 and the OSWA certification
      • WEB-300 and the OSWE certification
    • Exploit Development
      • EXP-301 and the OSED certification
      • EXP-312 and the OSMR certification
      • EXP-401 and the OSEE certification
    • Security Operations
      • Security Operations for Beginners (SOC-100)
      • SOC-200 and the OSDA certification
    • Cloud Security
      • Cloud Fundamentals (CLD-100)
    • Learn Subscriptions
    • Product Pricing
      • Discount Programs
    • Register for a Course
  • Proving
    Grounds
    • Individual Labs
    • Enterprise Labs
    • User-Generated Content
  • Pentest
    Services
  • Training
    for Orgs
    • OffSec Flex Program
    • OffSec Federal
    • Why OffSec?
    • Contact Sales
  • Global
    Partners
    • Work with a Partner
    • Partner with OffSec
    • Education Partners
    • Learning Partners
    • Channel Partners
    • Partner Portal
  • Kali &
    Community
    • Kali Linux Downloads
    • OffSec Community Portal
    • Official OffSec Discord
  • About
    OffSec
    • Career Opportunities
    • Our Core Values
    • Leadership Team
    • Contact Us
    • ×
    ›
    Buy

Tag: exploit code

Return to Blog

Analyzing a Creative Attack Chain Used to Compromise a Web Application

In this piece, we’ll analyze a creative scenario where a malicious actor can use an attack chain to exploit a web application via Simple Network Management Protocol (SNMP) > Cross-site scripting (XSS) > Remote Code Execution (RCE).

Read More

PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit

An interesting submission to EDB today from the guys at http://www.nullbyte.org.il – a PHP 6.0 0day buffer overflow.

Read More
  • Training
    • Courses and Certifications
    • Learn Subscriptions
    • Product Pricing
    • Discount Programs
  • Proving Grounds (Hosted Labs)
    • Proving Grounds Play and Practice
    • Proving Grounds for Teams and Orgs
    • User-Generated Content
  • Kali and Community
    • Kali Linux Downloads
    • OffSec Community
    • Official OffSec Discord
  • Security Services
    • OffSec for Orgs
    • OffSec Federal
    • OffSec for Education
    • Penetration Testing Services
  • Global Partners
    • Work with a Partner
    • Partner with OffSec
    • Education Partners
    • Learning Partners
    • Channel Partners
    • Partner Portal
  • Resources
    • Blog
    • FAQ
    • Careers
    • OffSec Live
    • OffSec Webinars
    • OffSec Podcast
    • Join Our Email List
    • Official OffSec Swag
  • About OffSec
    • Leadership Team
    • Our Core Values
    • Bug Bounty Program
    • Contact Us
  • Register for a Course

Join our growing community.

Offsec

© OffSec Services Limited 2022 All rights reserved

  • Feedback
  • Legal
  • RSS Feed