Hi phabricator,

I found an evil branch name of hg a repo can lead to arbitrary command injection on phabricator instance.

Here is the reproduction steps:
1. Monitor a remote mercurial repo with...

Hi guys!

JSON POST parameter "docId" is vulnerable to Blind SQL Injection attack

PoC (Raw query)

POST /_vti_bin/RatingsCalculator/RatingsCalculator.asmx/CalculateRatings HTTP/1.1
User-Agent:...

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑 - We5ter/Scanners-Box

## Summary
The https://cn-sjc1.uber.com/rt/users/apply-clients-promotions customer endpoint used to apply Uber promotions does not implement multifactor authentication, IP address blacklisting for...

## Summary
The https://cn-sjc1.uber.com/rt/users/apply-clients-promotions customer endpoint used to apply Uber promotions does not implement multifactor authentication, IP address blacklisting for...

Security consulting and pentesting by proven security experts.

Leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security ☣

Test your knowledge of cybersecurity terms and concepts with our crossword puzzle.

This week I took a break from SYSTEM chasing to review some anti-debugging techniques. With quite a few Bug Bounty programs available relying on client-side applications, I thought I'd share one of the techniques used by numerous security products (and apparently…

https://media.ccc.de/v/34c3-8936-1-day_exploit_development_for_cisco_ios



Year 2017 was rich in vulnerabilities discovered for Cisco networking devices. At least 3 vulnerabilities leading to a remote code execution were disclosed. This talk will give an…

Hi, This is my second blog post. I recently started to noscript python, So I decided to write some recon noscript to filter out domains to at...