Poisoning the PHP session file was the intended solution, so I'm glad you included it! I guess I forgot you can just include a remote file 😅
I can't stop watching your videos - you are the best ever.
Yes, IppSec, John Hammond, David Bombal and Joe are the BEST pentesting folks
BroScience was a really strong classical Linux box
I liked the defense and the bypass step! Thanks ippsec from the future! lol.
Another defense, making the web root read-only via extended ACLs. Wonder if there is a cool bypass then!
I doubt you'd be able to exploit if the www-data could not write to the web directory.
Thank you Ippsec, I appreciate your efforts 💐
Thanks for sharing the PHP vuln. I know to watch out for what I missed earlier. Take care and make more. I love your videos.
I'm using VCS and Snyk for the first time. When I scan the src dir contents (created by our crawler), Snyk said no vulnerabilities found. Trying to get Snyk working, I installed composer and had it create composer.json and composer.lock, which Snyk seemed to like. But it still finds no vulns. How did you get it to work?
Great video as always ❤ thank you
Thank you ippsec!
❤
Isn't that box still active?
Naw that is retired
Push!