Unicode normalization vulnerabilities

What is Unicode? Unicode or formally Unicode Standard is an information technology standard for the consistent encoding, representation, and handling of text expressed in most of the world’s writing systems. Representation For example, “A” is mapped to U+0041, and “a” is mapped to U+0061. Unicode characters exist from U+000000 to U+10FFFF (there are more than a million symbols). Unicode divides all these possible symbols into “planes”, the best known is the BMP (Basic Multilingual Plane) that goes from U+0000 to U+FFFF (it is the Unicode plane number 1, there are 16 more, called “astral planes”)....

September 30, 2021 · 4 min · Lazar

Simple Code Analysis

In today’s blog post I’ll be doing a simple source code analysis of vulnerable web blog made by PentesterLab. It’s a basic PHP web app for learning white box testing, meaning that we have access to all of source code. Analysis The first thing I’ll be looking into is index.php file: <?php $site = "PentesterLab vulnerable blog"; require "header.php"; $posts = Post::all(); ?><div class="block" id="block-text"> <div class="secondary-navigation"> <div class="content"> <?php foreach ($posts as $post) { echo $post->render(); } ?...

July 29, 2021 · 8 min · Lazar