Due to popular demand, I’ve decided to create a blog post on how I set up my PHP debugging environment for hacking PHP applications. In this guide, I will walk you through my setup, which includes using an Ubuntu VPS for the web server and Xdebug. Additionally, I use VSCode as my debugging tool and Burp Suite for testing. Let’s get started!

This article provides an in-depth technical analysis of CVE-2022-31061, a blind SQL injection vulnerability discovered in GLPI during LDAP authentication. This vulnerability was tested on GLPI version 10.0.1. We explore the exploitation process, pinpointing the exact location and underlying causes of the vulnerability.

I was tasked with testing a banking application. Despite numerous prior penetration tests, I was surprised by the extent of critical vulnerabilities and the insecure implementation of authorization. The mission extended over four days, yet I breached the server within the first few hours. I proceeded with the pentest in white-box mode.