Index for December, 2009

ZeroSleep.

Thursday, December 24th, 2009

Well, I am sitting here semi high and haven’t slept for 27 hours, and I am pondering what I should do with my newfound zeroday. It has gotten me a lot of new pass files and it has been a fun day. But what should I do now? I could publish it and write an exploit; it would be fun to try out my newfound C# skills. Then I’ll lose the hole after a week or so. I think I might hang on to it so I have an edge. I was thinking about maybe hacking the main website for the application and maybe putting a small surprise in the source code. But it will someday be discovered by someone and I will lose my access. Although it could be fun. But this application is so poorly coded that a monkey could do better. Worst is that it costs $2000.

Exploit: My new zeroday tool first uses a “true or false” SQL injection to get the admin login, which is in plaintext. Then it logs in as admin and uploads an evil img (just a jpg with PHP code), then it uses an LFI in the config file to execute my evil img.

Back from the dead!

Tuesday, December 1st, 2009

Well, my blog career was cut short by a server crash and I haven’t had the time or desire to resurrect the blog, but lately I have felt the need to have something to take care of. So respawning the blog came naturally. So I got my nickname registered as the domain and started putting it together again. Anyway, I am going to try to post at least once a week and keep you all updated on what fun stuff I have been up to. I really have been busy during the time I have been gone. I still have some small stuff to fix and update, but hopefully I’ll be up and running 100% at the end of this week. Stay tuned for more adventures of hithron.