Idontplaydarts - idontplaydarts.com - Application Security

Latest News:

HTTP Parameter Pollution with cookies in PHP 11 Jun 2013 | 03:00 pm

Strange things happen when you parse URL arguments and cookies in PHP. By using a single square bracket [ or a null byte it's possible to rename an HTTP parameter and to set multiple unique cookies in ...

Raspberry PI and Tor for slightly easier OPSEC 10 Jan 2013 | 03:52 am

With a desire for stronger operational security (OPSEC) I've built a dual-homed Raspberry Pi to act as a Tor client. It sits between my laptop and the internet, only allowing traffic that is routed thr...

Data exfiltration through the VMware hypervisor 11 Aug 2012 | 05:19 pm

It's possible for two virtual machines with no network access or shared file system to communicate as long as they run under the same hypervisor. This post will show you how this can be achieved by sen...

Encoding Web Shells in PNG IDAT chunks 5 Jun 2012 | 02:50 am

If you carefully encode a web shell in an image you can bypass server-side filters and seemingly make shells materialize out of nowhere (and I'm not talking about encoding data in comments or metadata)...

Taking screenshots using XSS and the HTML5 Canvas 17 Apr 2012 | 12:47 am

Using the HTML5 Canvas it's possible to use XSS to take screenshots of administration and management interfaces that you might not have access to. Blind Stored XSS  By injecting script tags containing an ...

Exploit: Symfony2 - local file disclosure vulnerability 25 Feb 2012 | 05:29 pm

I recently discovered a vulnerability affecting the Symfony2 Framework versions 2.0.0-2.0.10. In short, by parsing user-supplied XML in any way (e.g. SOAP API, RSS feed, unserializing an object) it ...
