Blog Migration

It has been a pending task for the last few years to migrate my personal blog from Blogger to GitHub Pages. Unfortunately, I don’t usually update my blog, but I think it needed a change of look and feel to motivate myself to write again.

Undo Five/Nine (Crypto 300, Lisbon CTF)

Last week I had the opportunity to participate in the on-site BSides Lisbon CTF. I teamed up with some workmates and we tried to solve some of the challenges.

One of the challenges I was working on was "Crypto 300: Undo Five/Nine". I didn't take notes on the description, but basically they gave a piece of PHP code "snip.php" and two other files: "readme.txt" and...

SQL LIKE clauses wildcard injection

This blog post is a contribution from Ramon Pinuaga [LinkedIn][Twitter].

I’m going to talk about a little-known vulnerability that is traditionally considered low risk, although, as we are going to see, in some situations it can have a big impact.

This vulnerability involves the possibility of injecting a wildcard in the search field of ...