Web Application Security

How to become a pentester

Intro I receive a lot of emails.  (Please don’t make it worse, thanks!)   Unfortunately I don’t have as much spare time as I used to, or would like to, so I often have no other choice than to redirect questions to our forums or our IRC channel (#corelan on freenode), hoping that other members […]

Zabbix SQL Injection/RCE – CVE-2013-5743

Table of ContentsIntroductionDisclosure Timeline:Vendor DetailsVulnerability DetailsThe patch Leveraging SQL InjectionCool! We got Admin, now what?Code Execution Further Exploitation? Introduction First off, please do not throw a tomato at me since this is not the typical Windows binary exploit article that is posted on Corelan! During a recent a penetration test, I encountered a host running Zabbix, an […]

Metasploit module : HTTP Form field fuzzer

Introduction About a month after releasing an ftp client fuzzer module for Metasploit, I decided to release yet another fuzzer module I have been working on over the last few weeks. This new module can be used to audit web servers/web server plugins/components/filters, by fuzzing form fields and optionally fuzz some header fields. While this […]

HaXx.Me #3 – Corelan Team documentation

Last week (oct 17 2010), Lincoln (one of the Corelan Team members) informed the other team members about an ongoing hacking challenge (HaXx.Me #03) organized and hosted by MaXe (@intern0t). When I saw his message, it was already Sunday night and I knew I had to get up early the next day. Nevertheless I chose […]

Corelan Training

We have been teaching our win32 exploit dev classes at various security cons and private companies & organizations since 2011

Check out our schedules page here and sign up for one of our classes now!

Donate

Want to support the Corelan Team community ? Click here to go to our donations page.

Want to donate BTC to Corelan Team?



Your donation will help funding server hosting.

Corelan Team Merchandise

You can support Corelan Team by donating or purchasing items from the official Corelan Team merchandising store.

Protected by Copyscape Web Plagiarism Tool

Corelan on Slack

You can chat with us and our friends on our Slack workspace:

  • Go to our facebook page
  • Browse through the posts and find the invite to Slack
  • Use the invite to access our Slack workspace
  • Categories