nginx alias misconfiguration allowing path traversal
I recently came across an nginx server that had a vulnerable alias configuration which allowed anyone to read files outside the intended directory. In the fo...
Recent Posts
Monitoring FileMaker scheduled scripts
Tutorial about monitoring FileMaker scheduled scripts for uptime
Terraform: Change EC2 user_data without recreating instance
When you have set up your infrastructure with Terraform and then do any change to the user_data of a EC2 instance, Terraform will detect the change and gener...
Bypassing regular expression checks with a line feed
Regular expressions are often used to check if a user input should be allowed for a specific action or lead to an error as it might be malicious.
Database backups via mysqldump: from MariaDB container to S3
For a little side project I wanted an easy way to perform regular backups of a MariaDB database and upload the resultant dump gzipped to S3.
Remote debugging Claris Data API
When debugging code that integrates with the Claris FileMaker Data API, it is sometimes helpful to trace a request from your app all the way to the code of t...
Remote debugging NodeJS apps
When you want to debug an application in an environment which is hard to replicate locally and/or you cannot install additional software on the machine it is...
Monitor websites and detect when cron jobs and scheduled tasks are not running
TL;DR Want to monitor your websites or get notified when your cron jobs or scheduled tasks are not running when they are supposed to run? Check out https://a...
Info leaks via buffered output on HTTP redirects
Writing data to the output buffer before deciding that the response to the current HTTP request should actually be a redirect (for example when an unauthenti...
CVE-2021-44147: XML External Entity Vulnerability in Claris FileMaker
Description of a XXE vulnerability in the Claris FileMaker Platform