Penetration Test – Page 5 – Mehmet INCE

Namecheap XSS Vulnerability via SSL Certificate

13/09/201513/04/2014 by mehmet ince

Hello

I discovered interesting XSS attack vector on NameCheap firm. As you know, you can sign your certificates via NameCheap.

Concrete5 Reflected XSS Vulnerability via HTTP Header Host Parameter

09/04/2014 by mehmet ince

Hello

This vulnerability doesn’t lead to any attack vectors -for now-. But I want to share my analysis.

Concrete5 <= 5.6.3.1(install.php) Remote Code Execution Vulnerability & Exploitation

19/08/201506/04/2014 by mehmet ince

Hello

I decided to work on Concrete5. I chose concrete5 because I discovered few Reflected XSS vulnerability 2 years ago. At the following part, we will describe issue that cause remote code execution, lets start.

Python Pickle ile Remote Code Execution Zafiyetleri

03/04/2014 by mehmet ince

Merhaba

Diğer bir çok programlama dillerinde olduğu gibi, python’da da serialize işlemi yapılabilmektedir.