Aaron Cicali – WindowsTechs.com

Are there security concerns that might prevent database systems from providing password data types?

Posted on August 20, 2021 by Aaron Cicali

Software development environments seem to benefit when problems can be solved "higher up the chain".
For example, many web platform features that are now natively supported in both JavaScript and CSS used to require much labor an… Continue reading Are there security concerns that might prevent database systems from providing password data types?→

What methods can be used to hold Acunetix accountable for their software being used with criminal intent? [closed]

Posted on August 26, 2020 by Aaron Cicali

One server I have access to has occasionally presented logs that show traffic from Acunetix Vulnerability Scanner. I don’t have an account with Acunetix, nor does anyone who has legal ownership of this server.
Upon contacting Acunetix, the… Continue reading What methods can be used to hold Acunetix accountable for their software being used with criminal intent? [closed]→

How can wkhtmltopdf be used without introducing a security vulnerability?

Posted on August 20, 2020 by Aaron Cicali

Background
Per the project website, wkhtmltopdf is a "command line tool to render HTML into PDF using the Qt WebKit rendering engine. It runs entirely "headless" and does not require a display or display service."
The w… Continue reading How can wkhtmltopdf be used without introducing a security vulnerability?→

Does this registry entry for implementing custom protocol handlers in Windows present a security risk?

Posted on August 14, 2020 by Aaron Cicali

Background
Some features are not yet available on the web platform and thus require cooperation with a native application in order to provide them. One method for a web application and a native application to communicate with each other is… Continue reading Does this registry entry for implementing custom protocol handlers in Windows present a security risk?→

Can valid PHP be written and executed in non-ascii character encodings?

Posted on September 20, 2018 by Aaron Cicali

I found a jpeg image on a server that contained the string <?php. The server also hosts an application written in PHP. The contents of the image that come after the string <?php are non-ascii.

I’m unable to find anythi… Continue reading Can valid PHP be written and executed in non-ascii character encodings?→

Can valid PHP be written and executed in non-ascii character encodings?

Posted on September 20, 2018 by Aaron Cicali

I found a jpeg image on a server that contained the string <?php. The server also hosts an application written in PHP. The contents of the image that come after the string <?php are non-ascii.

I’m unable to find anythi… Continue reading Can valid PHP be written and executed in non-ascii character encodings?→

Does MySQL error "Illegal mix of collations" imply an SQL injection vulnerability?

Posted on April 23, 2018 by Aaron Cicali

The user input of a given query is being sanitized (PHP, real_escape_string), yet the query fails with “Illegal mix of collations”. This query is below:

SELECT * FROM `table` WHERE `column` = “�½��ļ��.zip”

Does this imply… Continue reading Does MySQL error "Illegal mix of collations" imply an SQL injection vulnerability?→