Marcin Probola

Shared publicly  - 
 
"Quick notes about the bash bug, its impact, and the fixes so far" http://feedly.com/e/72Hnwlc2
We spent a good chunk of the day investigating the now-famous bash bug, so I had no time for too many jokes about it on Twitter - but I wanted to jot down several things that have been getting drowned out in the noise, especially earlier in the day. Let's start with the nature of the bug.

Marcin Probola

Shared publicly  - 
 
Another "sprint code review" resulted in many vulnerabilities in *.php.net sites. Short summary:
bugs.php.net: SQLi, XSS
pecl.php.net: SQLi, XSS
master.php.net: SQLi, XSS, Possible server-side command execution
gtk.php.net: ...

Marcin Probola

Shared publicly  - 
Summary: Still cleaning up after the Heartbleed debacle, OpenSSL is issuing fixes for several vulnerabilities, one of them exploitable to run arbitrary code on the client or server.

Marcin Probola

Shared publicly  - 
 
Apache fingerprinting with icons directory
Sometimes webservers don't return the "Server" header in the HTTP response or return a fake value. It doesn't increase security in any way and it's a clear example of security through obscurity; however, some administrators want to hide this information or even change ...

Marcin Probola

Shared publicly  - 
 
BitTorrent Sync WebUI (<= 1.4.92) is affected by an XSS vulnerability that could be exploitable in some rare scenarios. Proof of concept video (stealing secrets): PoC exploit uses jQuery global ajax hook (jQuery library is alre...
uzer sheikh's profile photo
 
hy

Marcin Probola

Shared publicly  - 
Summary: Oculus will open-source RakNet's C++ class library, perhaps as a gift to developers planning to attend its inaugural dev conference this September.

Marcin Probola

Shared publicly  - 
 
Abusing PHP.net "User Contributed Notes" up/down voting system easier
On the php.net website there are "User Contributed Notes" with an up/down vote system. There is a simple abuse protection mechanism that makes voting from the same IP address in a short time unavailable. Look closer at "manual/vote-note.php": ...
$master_url = "http://...
Work
Occupation: IT Ninja
Basic Information
Gender: Male
Other names: red, redeemer