Nobody knows-except-g4mm4
Xchym Hiệp
The title is not related with the content =]]
1.
Nobody knows... except g4mm4
http://hackerspace.vn
Part I
gamma95x40gmail.com
2.
$ls -la
● Captcha re-riding attack
● SQL column truncation
● Header() without exit()/die()
● Sink functions
3.
$whoami
4.
$whoami
morning noon afternoon evening midnight
5.
Captcha re-riding attack
6.
Captcha re-riding attack
7.
Captcha re-riding attack
8.
9.
SQL column truncation
10.
SQL column truncation
11.
SQL column truncation
12.
SQL column truncation
13.
SQL column truncation
14.
Ex1: (register.php)
15.
Ex2: (Login.php)
16.
Real world example
17.
Header() without exit()/die()
18.
PHP sink functions
array_diff_uassoc, array_diff_ukey, array_filter, array_intersect_uassoc, array_intersect_ukey, array_map, array_reduce, array_udiff, array_udiff_assoc, array_udiff_uassoc, array_uintersect, array_uintersect_assoc, array_uintersect_uassoc, array_walk, array_walk_recursive,
assert, assert_options, call_user_func, call_user_func_array, create_function, dotnet_load, forward_static_call, forward_static_call_array,
eio_busy, eio_chmod, eio_chown, eio_close, eio_custom, eio_dup2, eio_fallocate, eio_fchmod, eio_fchown, eio_fdatasync, eio_fstat, eio_fstatvfs,
eval, event_buffer_new, event_set, iterator_apply, mb_ereg_replace, mb_eregi_replace, ob_start, preg_filter, preg_replace, preg_replace_callback, register_shutdown_function, register_tick_function,
runkit_method_add, runkit_method_copy, runkit_method_redefine, runkit_method_rename, runkit_function_add, runkit_function_copy, runkit_function_redefine, runkit_function_rename,
session_set_save_handler, set_error_handler, set_exception_handler, spl_autoload, spl_autoload_register, sqlite_create_aggregate, sqlite_create_function, stream_wrapper_register,
uasort, uksort, usort, yaml_parse, yaml_parse_file, yaml_parse_url
19.
PHP sink functions
20.
PHP sink functions
21.
Questions?