Collaborate Disseminate
During a security assesment I found that an application wrote JavaScript from input fields directly in the database. The application it self had good output sanitization so no XSS was possible in that application. A different… Continue reading CVSS score for no-input validation
I want to use the Responder tool during a pentest to find/show vulnerabilities in how the network is configured. But I am not sure how much effect it would have on the end-users aka the people I have to work with the rest of … Continue reading Responder during pentest risks
I have found a nice macro injection vulnerability in an Excel export functionality. I can inject =1+1 (or worse) into the exported Excel file.
But when opening the file in Excel the formula isn’t directly evaluated at start… Continue reading Macro injection in different Excel versions
Is there any way to bypass the x-frame-options header without using a MitM or changing the packets in another way?
So actually getting a site that has x-frame-options: DENY to be shown in an iframe.
I found a possibility for session fixation in an application I am researching. It is a session fixation through a session ID cookie. Now I’ve read up on session fixation and the concept is clear and comes down to getting a vi… Continue reading Session Fixation cookie delivery
During security tests/assessments it is often said that you need to set the cache-control to no-cache (and some other things). But as I was looking at this I found that POST requests are not cached (which makes sense) by defa… Continue reading POST request no-cache header
While doing some pentesting on an android app with Burp setup as a proxy (with https) I saw no traffic coming from whatsapp messages that I received or send.
I looked around in Burp, but I cannot find out why those messages don’t get int… Continue reading Burp with whatsapp
I am busy with a pentest and found something that made me wonder if it would be exploitable. I am currently not able to exploit it, but I wanted to make sure. Also I am curious why the application/server behaves as it does.
This is the f… Continue reading URL injection vulnerability
I was looking at some image vulnerabilities and came across the fairly new openjpeg vulnerability in JPEG2000 images. It says that: “out of bounds memory can be accessed due to an error in mcc records parsing”.
I wanted to p… Continue reading MCC records in JPEG2000
I am busy with security testing on a clients network and was asked to show how “easy” AV evasion is. I created a nice powershell reverse HTTPS file through veil-evasion, which is not detected by the Symantec virusscanner (tes… Continue reading Meterpreter HTTPS detected by IPS