Stephen Rees-Carter
@valorin
Friendly Hacker, Speaker, and PHP & Laravel Security Specialist.🕵️ I write Securing Laravel and hack stuff on stage for fun. 😈 (he/him)
• • 48 Posts • 5K Views
In response to @JalilAbdullayev
It's definitely Google - I (carefully) clicked it.
I think it's just a case of devs not fully thinking through what they are putting in an email.
It's time to continue the Pentest of Chirped, by diving into configs and dependences, and following those threads to discover 4 CRITICAL vulnerabilities! 😱
I'm super proud of this one, all 4 are based off real vulns I've found for my clients! 🕵️
securinglaravel.com/in-depth-pentesting-laravel-part-2-configs-dependencies-and-routes
Part Two of my Pentesting walkthough is almost done! I just counted and it finds 4 different critical vulnerabilities in my copy of Chirper - all based off actual vulnerabilities I've found on client sites. 😈
You won't want to miss this one!
Part Two of my Pentesting Laravel series on Securing Laravel is due out in a few hours - it'll be a little bit late. There is still a bit to cover, and I need to get the birthday challenge page up too! 🎂
While you're waiting, check out Part One:
securinglaravel.com/in-depth-pentesting-laravel-part-1-passive-scans 🕵️