🚀 Huge thanks to @cfreal_ for the threading PR. Lightyear is now faster than ever! We truly appreciate continued contributions. If you haven’t yet, give lightyear a try and see the difference yourself!. #opensource #lightyear #performance #php #pentest #infosec #cybersecurity.

The discovered chain contains interesting new vectors : Pre-authentication SQLi on the Inventory native feature ->Authentication bypass by fetching api_token or personal_token -> Either plugin command injection through the Marketplace or a new LFI vector via PDF exports->RCE.

GLPI, an open-source IT service management software suite, has released version 10.0.18, addressing two critical vulnerabilities found by our experts : an SQL injection (CVE-2025-24799) and a remote code execution (CVE-2025-24801). Checkout our blog post:

New #PHP research by @ptswarm ! Using our tools wrapwrap ( and our latest one lightyear ( developed by @cfreal_ ! #php #xxe #infosec #CyberSecurity.

We're proud to announce LIGHTYEAR, a tool that let you dump files, blind, in PHP, based on a new algorithm.

Kudos to @cfreal_ for his talk @defcon a few weeks ago ! .You can watch it now on Youtube !.

At long last: Iconv, set the charset to RCE (part 3): in this final part of the iconv series, @cfreal_ demonstrates how you can use CVE-2024-2961 to convert BLIND file reads to RCE.

In August, @cfreal_ will be at @defcon to talk about CVE-2024-2961. Don't miss Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine ! #DEFCON32

Iconv, set the charset to RCE (part 2): @cfreal_ exploits direct iconv() calls to hack the PHP engine, and its most popular webmail, @Roundcube (CVE-2024-2961).

📷 Learn more and contribute: Scalpel is in Alpha and your feedback is valuable. Check the docs and join us on GitHub! .

📷 Modify the entire traffic with Scalpel. Implement custom logic to manipulate requests globally using the request function:

📷 View and modify encrypted HTTP parameters as plaintext in the Repeater. Using the above code adds new editors to Burp, watch it in action:

🔧 Intercept and rewrite HTTP traffic effortlessly. Implement req_edit_in and req_edit_out hooks to create new editors in Burp's Repeater:

Scalpel is here: this @Burp_Suite extension lets you edit your requests, in Python 3, in the repeater or on-the-fly.

Iconv, set the charset to RCE: in the first blog post of this series, @cfreal_ will show a new exploitation vector to get RCE in PHP from a file read primitive, using a bug in iconv() (CVE-2024-2961)

PHPGGC just reached 3000 stars on @github !. In 7 years, it went from a handful of gadget chains to more than 140, with more than 50 contributors. Thank You !

RT @LexfoSecurite: Congrats to @cfreal_ who will be speaker at @offensive_con in Berlin in May !.

Introducing a new tool for #PHP filters attacks, #wrapwrap: an algorithm to add an arbitrary prefix and suffix to a PHP resource, improving the exploitation of file read and #SSRF vulnerabilities.

We've updated our blogpost about @ownCloud with an #exploit for #CVE-2023-49105 and a video.

Learn about the two @Owncloud vulnerabilities CVE-2023-49103 and CVE-2023-49105 in our new blogpost: