writeup

BGGP4 Writeup: Compiled Python (PYC) Dissection and Forgery across versions

, by
Tags: ,

Writeup of my submissions for the Binary Golf Grand Prix 4 (2023).

Crypto of a NF&A2P** certified alarm system.

, by
Tags: , ,

Details of the cryto stuff I've helped to break on a NF&A2P** certified alarm system.

[CVE-2020-10945] Centreon Session ID Exposure

, by
Tags: ,

Originally posted on the blog of the company where I work; I found a session ID exposure on Centron.

[CVE-2020-10946] Several Cross-Site Scripting (XSS) vulnerabilities in Centreon

, by
Tags: ,

Originaly posted on the blog of the company where I work; With a collegue, we found several XSS on Centreon.

PHP sessions, public directory and isolation

, by
Tags: ,

Alwaysdata, a hosting company, recently fixed a vulnerability. Indeed, they stored PHP sessions in a shared directory. This allowed an attacker to know PHP sessions ID, without their content, and in which account it has been used.