Skip to content

Jitendra Patro

It's only "not easy" until you learn how.

Menu
  • Home
  • Blog
  • Projects
  • Writeups
    • Advisories
      • CVE writeups
      • Not CVE writeups
    • Android
    • Radio/Satellite Hacks
    • Secure Code Warrior
      • PHP Basic
    • HW Hacks

Tag: php

Posted onOctober 29, 2022November 2, 2022Advisories

CVE-2022-33012:- Account Takeover Through Password Reset Poisoning

by PhoenixLeave a comment on CVE-2022-33012:- Account Takeover Through Password Reset Poisoning

The Vendor Microweber is a Drag-and-Drop PHP CMS with more than 2.5k stars on Github. It’s based on the PHP Laravel Framework and you can make any kind of website,…

Read More
Posted onJuly 4, 2022March 12, 2023Advisories

Multiple Vulnerabilities in Idno – Known PHP CMS software

by Phoenix4 Comments on Multiple Vulnerabilities in Idno – Known PHP CMS software

Introduction My journey into Source code security auditing started back in October 2021, when I was creating an intentionally vulnerable Linux machine for online hacking. I had to audit and…

Read More
Posted onApril 20, 2022November 2, 2022PHP Basic

OWASP A10:2017 – Insufficient Logging & Monitoring

by PhoenixLeave a comment on OWASP A10:2017 – Insufficient Logging & Monitoring

If you stumble across this post and are wondering what this is all about, then I recommend reading this post before following this guide. TL; DR, this post is about solving Secure Code…

Read More
Posted onApril 18, 2022November 2, 2022PHP Basic

OWASP A9:2017 – Using Components with Known Vulnerabilities

by PhoenixLeave a comment on OWASP A9:2017 – Using Components with Known Vulnerabilities

If you stumble across this post and are wondering what this is all about, then I recommend reading this post before following this guide. TL; DR, this post is about solving Secure Code…

Read More
Posted onApril 16, 2022November 2, 2022PHP Basic

OWASP A7:2017 – Cross-Site Scripting (XSS)

by PhoenixLeave a comment on OWASP A7:2017 – Cross-Site Scripting (XSS)

If you stumble across this post and are wondering what this is all about, then I recommend reading this post before following this guide. TL; DR, this post is about solving Secure Code…

Read More
Posted onApril 16, 2022November 2, 2022PHP Basic

OWASP A6:2017 – Security Misconfiguration

by PhoenixLeave a comment on OWASP A6:2017 – Security Misconfiguration

If you stumble across this post and are wondering what this is all about, then I recommend reading this post before following this guide. TL; DR, this post is about solving Secure Code…

Read More
Posted onApril 15, 2022November 2, 2022PHP Basic

OWASP A5:2017 – Broken Access Control

by PhoenixLeave a comment on OWASP A5:2017 – Broken Access Control

If you stumble across this post and are wondering what this is all about, then I recommend reading this post before following this guide. TL; DR, this post is about…

Read More
Posted onApril 11, 2022November 2, 2022PHP Basic

OWASP A3:2017 – Sensitive Data Exposure

by PhoenixLeave a comment on OWASP A3:2017 – Sensitive Data Exposure

If you stumble across this post and are wondering what this is all about, then I recommend reading this post before following this guide. TL; DR, this post is about…

Read More
Posted onApril 3, 2022March 26, 2023PHP Basic

OWASP A1:2017 – Injection

by PhoenixLeave a comment on OWASP A1:2017 – Injection

If you think this post’s titles sounds a bit weird for SEO, then know that it’s intentional. I did this to prevent blog posts under my PHP Basic category to…

Read More
Posted onDecember 6, 2021April 1, 2022Tutorials

Tuning Apache, PHP and MySQL for better performance

by PhoenixLeave a comment on Tuning Apache, PHP and MySQL for better performance

Today we’ll dive into improving performance and speeding up Apache WebServer while tuning PHP-FPM and MySQL for better performance of our installed WebApps. We’ll be doing a lot of server…

Read More

About The Blog

I created this blog to share the knowledge I've gained over the years and things that I'm yet to learn. Presently, my posts will be mainly focused on Open Source software, Information Security and Hacking. Happy Learning!

Recent Posts

  • OWASP Android UnCrackable Level 2
  • OWASP Android UnCrackable Level 1
  • Project: Wireless Hacks!
  • Emulating AARCH64(ARM64) with QEMU – Part 1
  • ModSecurity with OWASP CRS – Part 1: Installation
  • CVE-2022-33012:- Account Takeover Through Password Reset Poisoning
  • CVE-2022-33994:- Stored XSS in WordPress

Archives

  • 2023
  • 2022
  • 2021

Categories

  • Advisories
  • Android
  • CVE writeups
  • HW Hacks
  • ModSecurity
  • Not CVE writeups
  • PHP Basic
  • Projects
  • Radio/Satellite Hacks
  • Secure Code Warrior
  • Tutorials
  • Writeups

Tags

aarch64 access control Account Takeover algorithm Android apache Azure Bitwarden C CMS code Core Rule Set CVE Debian dns docker Email emulation first post Frida gcloud cli git Google Cloud HCL HTTP Headers IDOR injection installing-openvpn-as iptables Java JavaScript Linode Linux mail MFA Microsxxt MITRE MobSF mysql Networking nextcloud Open Source openvpn OpenVPN 3 ovpn-dco OWASP pagespeed password manager path traversal performance php php-fpm postfix Project proxy QEMU Radio restricting-ssh rootless docker securing-ssh Security security misconfig sensitive data exposure Shadowsocks SMIL sql ssh ssl sslh sslh-proxy su sudo SVG Terraform transparent-sslh two-factor-auth ubuntu virtualization vulnerability WAF webserver WordPress XSS

Contact Me

  • GitHub
  • LinkedIn
  • Mail
  • GitHub
© 2024 Jitendra Patro.