Christopher Tarquini's Blog
  • Security
  • Development
  • System Administration
  • PGP
  • Linkedin
  • CV/Resumè
Subscribe

Security

Posts about breaking stuff

Security

Handlebars 4.1.2: Command Execution

Escaping the Handlebars 4.1.2 sandbox to get code eval/RCE

Christopher Tarquini Christopher Tarquini
Security

Bypassing MaxScale's Firewall and Masking Rules

Learn how to bypass MaxScale's Firewall and Masking filters using SQL comments

Christopher Tarquini Christopher Tarquini
Security

Prevent Tab-Nabbing with Minimal Overhead

Prevent tab-nabbing attacks using this simple Javascript function

Christopher Tarquini Christopher Tarquini
Security

VestaCP - Root Privilege Escalation

VestaCP currently has a bug that allows root privilege escalation using PHP. Background: Even with stats disabled, the following line is found in /home/<user>/conf/web/nginx.conf: include /home/

Christopher Tarquini Christopher Tarquini
Security

Root your box with W3TC and Nginx

Several guides for integrating everybody's favorite caching plugin for Wordpress with Nginx tell you to include something like this in your nginx configuration: location / { include /var/www/wordpress/nginx.conf; } At the time

Christopher Tarquini Christopher Tarquini
Security

[CVE-2016-5483] Galera Remote Command Execution via crafted database name

mysqldump is a common utility used to create logical backups of MySQL databases and one of the SST methods used by Galera to bring out-of-sync nodes back into the cluster. Using an evil

Christopher Tarquini Christopher Tarquini
Security

[CVE-2016-5483] Backdooring mysqldump backups

mysqldump is a common utility used to create logical backups of MySQL databases. By default, it generates a .sql file containing the queries to create/drop tables and insert your data. By crafting

Christopher Tarquini Christopher Tarquini
Security

Insecure Defaults - Exploiting LOAD DATA LOCAL INFILE

Although it is documented that the default binary distributions of MySQL/MariaDB/Percona all seem to be compiled with allow local infile enabled, the warning is misleading: The transfer of the file from

Christopher Tarquini Christopher Tarquini
Security

Node.JS Request Smuggling

The Node HTTP Client checks for invalid characters such as new lines that can be used to perform HTTP Smuggling attacks, however, the rules for the path option are quite relaxed. By combining

Christopher Tarquini Christopher Tarquini
Christopher Tarquini's Blog © 2019
Latest Posts Twitter Ghost

Subscribe to Christopher Tarquini's Blog

Stay up to date! Get all the latest & greatest posts delivered straight to your inbox