Collaborate Disseminate
I found a website that reflected back the user inputs. But the problem is when I inject this payload <svg/onload=alert(1)> I get an error.
But when I use this payload <%20svg/onload=alert(1)>, my input reflects b… Continue reading Bypass this unique XSS filter?
What is the difference between Meterpreter shell and system shell?
For example, if I found some vulnerability in a system which allowed both shells, then what should I go for, system shell or Meterpreter shell?
What kind of… Continue reading Meterpreter shell and system shell define?
Forex. if my client using the vulnerable Internet Explorer which was vulnerable to the Aurora Vulnerability (I know its old and patch, but for now, let’s assume) then I use Metasploit Client-side exploitation payload.
Steps … Continue reading How does Client-Side-Exploitation get the System-level-shell in Metasploit?
I have read on somewhere that:
“Do not run Metasploitable (an Intended Vulnerable Virtual Machine)
in your Bridge Network.”
Why? Does it create a bridge to the attacker’s system directly? If yes, how does this happen?
… Continue reading Why should not run Metasploitable on bridge network?
I have seen this answer and it just tells the difference between SFTP and VPN ftp.
But I am asking for How exactly SFTP works? The first SSH make a secure tunnel but then how do I use FTP?
Continue reading How FTP can be connect under SSH so it become sftp? [duplicate]
How Symmetric Key occurs in SSH process?
As I think that the Asymmetric key used for the only Authentication but my main problem is “How Server generates the Symmetric Key which will use to do secure communication”?
Suppose the CNAME of www.anydomain.com is pointing to the www.anydomain.com.cdn.cloudflare.net. Can an attacker try to exploit the Subdomain Take over?
Continue reading Is it possible to Subdomain Take Over with Cloudfare?
I am trying to learn “How Blackhat groups exploit the Victim with the Clickjacking?”.
Let’s say, http://januapp.com/demo/useredit.php is vulnerable to the clickjacking.
The code is something like that,
<html>
&l… Continue reading What Can Blackhat groups can do with the Iframe tag?
Suppose only user-supplied double quotes are allowed in an input tag which has the style attribute set to display: none.
Something like this:
<input type=”text” style=”display: none;” value=”aa” autofocus/onfocus=”prompt… Continue reading XSS on an input element with style="display: none"
How can SSRF be more dangerous? I know through SSRF we can do port scanning But only port Scanning?
Are we able to read the local files? And if we can’t read the local files what further can we do with it?