Charlie Clark – WindowsTechs.com

Possible SSRF in image tag that takes (partial) user input?

Posted on September 27, 2020 by Charlie Clark

A webapp has an img tag that partially takes userinput like so:
<img src="/blah/blah/$USERINPUT.jpg">

where the first / is from the root of the domain.
Could there be a vulnerability here? Potentially using ../ and then at… Continue reading Possible SSRF in image tag that takes (partial) user input?→

What are the advantages of port scanning?

Posted on September 16, 2020 by Charlie Clark

It seems like all the google results to this question answer what port scanning is, but go into little detail about how a pentester or hacker could use the information about what ports a network has open to leverage an attack on it.
Why do… Continue reading What are the advantages of port scanning?→

Potential vulnerability in JSON response returning base 64 encoded image data, with the response being vulnerable to MIME sniffing

Posted on September 10, 2020 by Charlie Clark

A JSON response in the API of a webapp is returning the base64 of a user-uploaded image, and there’s no X-Content-Type-Options Header to prevent MIME sniffing.
Could this be a potential vulnerability such as an XSS for the webapp by using … Continue reading Potential vulnerability in JSON response returning base 64 encoded image data, with the response being vulnerable to MIME sniffing→

Potential vulnerability in web app that reads your ip address and returns a json response with country / region

Posted on September 9, 2020 by Charlie Clark

I would like to know if there is any possibility or situation in which a web app endpoint that uses ONLY your ip address to return json with information regarding your location can be exploited.
This is quite an open ended question, so I w… Continue reading Potential vulnerability in web app that reads your ip address and returns a json response with country / region→