Jitendra Patro

It's only "not easy" until you learn how.

Category: Writeups

Walkthrough and writeups for CVEs/challenges.

Posted on March 8, 2023 | March 16, 2023 | HW Hacks

Emulating AARCH64(ARM64) with QEMU – Part 1

by Phoenix

Introduction: Whether you’re trying to build/test software for different architectures, or doing reverse engineering/hardware hacking, you’ll often come across the need to possess a build/hacking environment for a different architecture…

Posted on January 20, 2023 | March 21, 2023 | ModSecurity

ModSecurity with OWASP CRS – Part 1: Installation

by Phoenix

ModSecurity is an open source, cross platform Web Application Firewall (WAF) developed by Trustwave’s SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks…

Posted on October 29, 2022 | November 2, 2022 | CVE writeups

CVE-2022-33012:- Account Takeover Through Password Reset Poisoning

by Phoenix

The Vendor: Microweber is a Drag-and-Drop PHP CMS with more than 2.5k stars on GitHub. It’s based on the PHP Laravel Framework and you can make any kind of website,…

Posted on July 30, 2022 | January 3, 2023 | CVE writeups

CVE-2022-33994:- Stored XSS in WordPress

by Phoenix

Introduction: I found a Stored Cross Site Scripting vulnerability in WordPress that got rejected and got labeled as Informative by the WordPress Team. Today is the 45th day since I…

Posted on July 17, 2022 | November 2, 2022 | CVEs and Not CVEs

Microsxxt Azure Global Admin MFA Bypass

by Phoenix

Introduction: First of all, you might be getting curious about the post title, especially the “xx” in Microsxxt. Well, I leave it to the reader’s imagination to fill those “xx”…

Posted on July 4, 2022 | March 12, 2023 | CVE writeups

Multiple Vulnerabilities in Idno – Known PHP CMS software

by Phoenix | 4 Comments

Introduction: My journey into Source code security auditing started back in October 2021, when I was creating an intentionally vulnerable Linux machine for online hacking. I had to audit and…

Posted on April 20, 2022 | November 2, 2022 | PHP Basic

OWASP A10:2017 – Insufficient Logging & Monitoring

by Phoenix

If you stumble across this post and are wondering what this is all about, then I recommend reading this post before following this guide. TL;DR, this post is about solving Secure Code…

Posted on April 18, 2022 | November 2, 2022 | PHP Basic

OWASP A9:2017 – Using Components with Known Vulnerabilities

by Phoenix

If you stumble across this post and are wondering what this is all about, then I recommend reading this post before following this guide. TL;DR, this post is about solving Secure Code…

Posted on April 16, 2022 | November 2, 2022 | PHP Basic

OWASP A7:2017 – Cross-Site Scripting (XSS)

by Phoenix

If you stumble across this post and are wondering what this is all about, then I recommend reading this post before following this guide. TL;DR, this post is about solving Secure Code…

Posted on April 16, 2022 | November 2, 2022 | PHP Basic

OWASP A6:2017 – Security Misconfiguration

by Phoenix

If you stumble across this post and are wondering what this is all about, then I recommend reading this post before following this guide. TL;DR, this post is about solving Secure Code…

About The Blog

I created this blog to share the knowledge I've gained over the years and things that I'm yet to learn. Presently, my posts will be mainly focused on Open Source software, Information Security and Hacking. Happy Learning!

© 2023 Jitendra Patro.