Collaborate Disseminate
XST is a well known vulnerability and the reason that everyone always alerts: TRACE is allowed this is bad. But what I see often at clients is that a request using TRACE returns the same as a GET. Am I doing something wrong, … Continue reading TRACE method returns GET
I am playing around with vulnserver on my windows 10 (up to date) host. The weird thing is I only get crashes with KSTET and GTER and nothing with the other ones.
As I found this weird I cheated a bit and searched for other … Continue reading Vulnserver windows 10 only a few exploits
I am busy with making a comprehensive writeup of DVWA for our junior employees. The high level of the file upload I do not seem to get to work except if I use the file include vulnerability and upload a image with php script … Continue reading DVWA file upload High without other vulnerabilities
I had an interesting conversation with a pentester who told me he had found a buffer overflow in Wordpress. The person in question was really adamant that this was true. The client is a bit skeptical about the technical skill… Continue reading Is it possible to find a buffer overflow in WordPress?
So, I have an upload functionality where extension of the filetype is checked correctly (and not currently bypassable). But the mime type is not checked. Does this leave me with some residual risk or possible “attacks”. Where I mean attack… Continue reading File upload not checking on mime type
When creating or testing a file upload functionality how do you deal with Office documents assuming that the client wants to be able to upload .doc/.docx/.xls/.xlsx?
I have found quite some reading material about the possibi… Continue reading How to deal with Office documents in file upload?
Is there any way to find out what selectors are used by a domain in their DKIM record without access to an e-mail send from that domain?
So to clarify, let’s say I know example.com has DKIM implemented.
I cannot receive an e-mail from exa… Continue reading Finding DKIM selectors without mailing
DMARC is used to tell receivers of e-mail what to do if SPF or DKIM fails in mails send from your domain. As far as I know this pretty much sums up DMARC, if this is not correct please correct me.
My question:
The situation … Continue reading DMARC none policy overwrites local policy
As I understand it, the Logjam TLS attack is an attack that downgrades the DHE cipher suite used by the server to DHE_EXPORT. Where the client thinks it is talking DHE 512 and the server things it’s talking DHE_EXPORT (which … Continue reading Logjam definition question
I am playing around with dll-hijacking and was wondering about something that I haven’t been able to find out myself by googling.
I get how the basics work with the fact that DLL’s are loaded by an executeable/service/install… Continue reading DLL hijacking – How to find out if path is relative