How to Exploit a Remote File Inclusion (RFI)
Practical guide on RFI vulnerability: how to exploit Remote File Inclusion to execute remote code by including malicious files from an external server.
Feb 11, 2022 Juan Antonio González Mena
All Posts
123 articles
Web shell upload via Content-Type restriction bypass - PortSwigger Write Up
Learn to exploit file upload vulnerabilities by bypassing Content-Type restrictions to execute malicious PHP code.
Feb 10, 2022 Juan Antonio González Mena
Remote Code Execution via Web Shell Upload - PortSwigger Write Up
Learn to exploit file upload vulnerabilities to achieve remote code execution by uploading a PHP web shell.
Feb 9, 2022 Juan Antonio González Mena
Blind OS command injection with out-of-band interaction – PortSwigger Write Up
Learn to detect blind command injection vulnerabilities using out-of-band techniques with DNS lookups to external servers.
Feb 8, 2022 Juan Antonio González Mena
How to Exploit a Local File Inclusion (LFI)
Complete guide on LFI vulnerability: exploitation techniques, bypasses, and methods to convert a Local File Inclusion into remote command execution.
Feb 7, 2022 Juan Antonio González Mena
Exploiting PHP Wrappers
Complete guide on exploiting PHP Wrappers in web vulnerabilities, including techniques with php://filter, zip://, data://, php://input and expect:// for LFI and XXE.
Feb 4, 2022 Juan Antonio González Mena
Blind OS command injection with output redirection – PortSwigger Write Up
Learn to exploit blind command injection vulnerabilities by redirecting output to accessible files to read the output of executed commands.
Feb 3, 2022 Juan Antonio González Mena
Blind OS command injection with time delays – PortSwigger Write Up
Learn to exploit blind command injection vulnerabilities using time delays to detect successful command execution on the server.
Feb 2, 2022 Juan Antonio González Mena
OS command injection, simple case - PortSwigger Write Up
Step-by-step solution for PortSwigger's OS command injection, simple case lab. Learn how to exploit operating system command injection vulnerabilities.
Feb 1, 2022 Juan Antonio González Mena