For free time that I don’t have

Today I’ve been accidentally paying attention to a php code that reminds me a issue that it ain’t totally important how long has somebody been in programing world , just his ability to reduction and maintenance ! Read more…

General, PHP, Programming explode(), list(), passwd, preg_match_all, split()

Hello everybody , after a insufferable weak that I complain with , I’m here to post up the blog , I’ve recently been occupied by penetration test on some web applications , while these days I’ve frequently seen several bypasses for php and I just wondered , the vulnerabilities are advancing coming out faster than I thought they would Read more…

Bypassing, General, Hacking, PHP, Security Cpanel Bypass Safe mode [ extract tar.gz by Cpanel ], open_basedir, PHP 5.2.11/5.3.0 Multiple Vulnerabilities, PHP 5.2.12/5.3.1 symlink() open_basedir bypass, posix_mkfifo(), Safe mode bypass, symlink(), tempnam()

You may be announced of my web site hacked few days ago , it was around five O’clock , I was received an instant message of defacement of the sc0rpion.ir , I knew that it’s not an imbalance , each site has approximately been hacked one time till today . Read more…

General, Myself, News Sc0rpion.ir

This publishing is around bonus stuff which I’ve considered ,MySQL injection , I had written a query :

/page.php?id=-1 union select table_name,2 from from information_schema.tables
where TABLE_SCHEMA='Sc0rpion'

As you see we used a single quote in query Read more…

Bypassing, General, Hacking, Mysql injection, PHP, Security bypass mysql_real_escape_string, Bypassing, escaping by mysql_real_escape_string(), Mysql injection, PHP, Securitybypass magic_quote