tl;dr: Remote File Inclusion


What is it? When a web app takes user-controlled input (e.g. a URL query string parameter) and passes it to an include command without sanitising it. The server then accesses the remote file, which could be a reverse shell script or other malicious code.

May I see it? Yes.

$incfile = $_REQUEST["file"]; include($incfile.".php");

Here, the file parameter is taken from the query string and passed into an include command. If the following request is made:…

codice-fuzzcale demo


codice-fuzzcale is a personal project written in Go that creates Italian fiscal codes based on incomplete information. Sometimes when I’m testing Italian web portals, I need a quick way of creating a lot of valid codes, so this could come in handy when it’s finished. At the moment, it will fuzz all possible codes with an unknown surname, so that’s a start. Demo below: If the playback was slow, watch it again to see the full speed of Go gophers, who generated 17,576 valid fiscal codes in the blink of an eye.…

Go Concurrency


I’m working on a personal project in Go at the moment, and am looking at concurrency, so here are some basic tl;dr notes on this talk by Rob Pike. Concurrency is the composition of independently executing computations - a way to write clean code that interacts well with the real, and very concurrent, world. It is not parallelism. If your computer only has one processor, it cannot be parallel because it is only executing one instruction at a time.…

CTF


A brief summary of a capture the flag activity I carried out on 25/07/21, with details of the exploits used and possible remediations.

Flag 1 - user data in cookie
Cookie containing user data encoded in Base64.
Remediation
Avoid storing confidential or personal data in cookies; instead, store the information server-side and associate it with a cookie containing no meaningful information.

Flag 2 - test data in source code
Preprod code left in production HTML.…