Emanuel Beni – Page 2 – WindowsTechs.com

File Upload Vulnerability SVG

Posted on August 8, 2020 by Emanuel Beni

I am currently doing a bug bounty program and was testing the company’s file upload functionality. After meddling with the functionality for a while, I was able to change the extension of the uploaded file to ‘.svg’ using burpsuite. I have… Continue reading File Upload Vulnerability SVG→

XSS Prevention Code

Posted on August 1, 2020 by Emanuel Beni

I was just wondering if this code is enough to prevent XSS vulnerability in my web app?
/**
* Escape HTML string to prevent XSS.
*/
export const escapeHtml = (string: string): string => {
if (isString(string)) {
const enti… Continue reading XSS Prevention Code→

CSRF on GraphQL endpoint

Posted on July 26, 2020 by Emanuel Beni

I am currently doing bug bounty on a company which uses GRAPHQL for their query language and would like to check if CSRF is possible. After playing around with burpsuite I have conclude the following;

Company doesn’t use csrf token when f… Continue reading CSRF on GraphQL endpoint→