Secure77

Techblog and Security

PHP Voting System – Admin Authentication Bypass (SQLI)

Today i found a new exploit in the PHP Voting System. Exploit-DB entry: https://www.exploit-db.com/exploits/49843 The /admin/login.php is vulnerable against SQL injections and so you can bypass the admin authentication. login.php As you can see the first check if($query->num_rows < 1)against the username is only checking the number of rows. With the following statement you always

Continue Reading „PHP Voting System – Admin Authentication Bypass (SQLI)“

Tags: | |

Posted: 6. Mai 2021 by

Leave a Comment

Research Valheim Server Passwords

In version 0.147.3 of valheim there is a possibility to receive and extract the passwords entered by the user. Responsible disclosure: I send an Email to the developer Team of irongatestudio, but unfortunately they didd’t respond to me. This is only possible if you control the server binaries! at this moment there was no possibility

Continue Reading „Research Valheim Server Passwords“

Tags: | |

Posted: 8. März 2021 by

Leave a Comment

openSSH commands unter Windows absichern

Seit Windows Server 2019 kann der openSSH Server über die Features oder per Powershell einfach nach installiert werden. Siehe Windows Server 2019 openSSH. Aber auch für Windows Server 2016 und älter besteht die Möglichkeit openSSH als Server Variante einfach zum laufen zu bekommen: Windows Server 2016 openSSH. In dem Beitrag geht es um das Einschränken

Continue Reading „openSSH commands unter Windows absichern“

Tags: |

Posted: 5. Dezember 2020 by

Leave a Comment

Copyright © 2025 · All Rights Reserved · Secure77 · Theme: Portfolio Lite by Organic Themes