Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Code Injection in Moodle - 62

RIPSTech Posted 6 Years Ago
  • The people at RIPSTech do incredible research into the web application security space, particularly with open-source PHP applications.
  • Moodle is a widely used open-source e-Learning software that lets teachers and students digitally manage activities.
  • One section of code uses the 'eval' function (which evaluates PHP code directly). The developers anticipated that this could be an issue, so a filter was created using the regex '-+/*%>:^\~ '.
  • The regex replaces all placeholders with a value of 1 recursively, then gives each 1 a random value.
  • After bypassing this restriction by nesting curly braces, several comments were used to break out of the rest of the PHP code.
  • Filters are really hard to do correctly! Even after the first bug was acknowledged, a bypass was created for the next three patches!