Abdulrahman-Kamel

Pinned

RCE By Code Injection | Perl Reverse Shell

what is php code injection weakness ? Code injection is an attack that delivers a malicious code payload through a vulnerable attack vector in eval() function without any sanitization or block dangerous functions like exec(), shell_exec(), system() or passthru() Background story While hunting on a private program I like to search on custom parameters in burpsuite after finishing test…

Bug Bounty

3 min read

RCE By Code Injection| Perl Reverse Shell

Bug Bounty

3 min read

Aug 8, 2022

Cyber wargames web challenges

* * * Konan challenge * * * This challenge contains login by username and OTP code First, I sent an admin in user parameter And I show the second request, it had oneparameter OTP

Pentesting

3 min read

Pentesting

3 min read

Aug 8, 2022

Exploit SQL Injection and bypass captcha with SQLMAP

Kenzy challenge (Cyber wargames 2022) SQL Injection + Captcha bypass Challenge description: This login page is protected by captcha to deny any brute force attack. 1. The captcha is not fully secure 2. Login page functionality is vulnerable to Blind SQL Injection Attack vector Bypassing captcha and getting the flag from database. Steps to solve this challenge Detect SQL Injection …

Bug Bounty

4 min read

Exploit SQL Injection and bypass captcha with SQLMAP

Bug Bounty

4 min read

Jul 12, 2021

Trick to bypass rate limit of password reset functionality

Note: Since its a private program, I will call it example.com Server behavior If you send many requests, the reset password will block you with response code => 429 and response message “Too many requests”. Attempts in testing 1- Change the user-agent header’s value randomly in every request. [Failed] 2- Adding…

Bug Bounty

2 min read

Trick to bypass rate limit of password reset functionality

Bug Bounty

2 min read