Paulo Hennig

Cyber Security Engineer

Cloud Security - AWS / Azure

Automation - Python / Shell Script

Code Review - Java / Javascript / PHP / Python

IaC - Cloudformation / Terraform

Red Team

Pentester

Paulo Hennig

Cyber Security Engineer

Cloud Security - AWS / Azure

Automation - Python / Shell Script

Code Review - Java / Javascript / PHP / Python

IaC - Cloudformation / Terraform

Red Team

Pentester

Uncategorized

June 24, 2022 XSS through PHP_SELF

As per https://www.php.net/manual/en/reserved.variables.server.php, we can interpret PHP_SELF as: The filename of the currently executing script, relative to the document root….

May 24, 2022 Impact Awareness – bounty submission

Summary Given the fact that your bounty report might change your finding from being “accepted” and even your reward over…

May 16, 2022 CVE-2021-42943

Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan v4.92b allows remote attackers to inject arbitrary web script or HTML via…