Collaborate Disseminate
I have a web application that uses a Version 4 UUID as the session id. If a user makes a request to my web application, he gets a new created session id. After a successful login, the session id does not change. The session id expires if t… Continue reading Attack possible on session id reuse after login?
I am doing a pentest on a client’s ASP web application and I have identified a blind SQL injection. However, after enabling xp_cmdshell, I am only able to run the ping localhost command to verify the RCE, which has a 3-second delay. I also… Continue reading xp_cmdshell as dbo user only able to run ‘ping localhost’ to verify RCE?
There is a particular class of vulnerability that I’ve seen on enough ASP.NET applications that I’m starting to wonder what the underlying cause it. The pattern goes as follows
The application has multiple levels of permission
When a user… Continue reading Why does ASP.NET enforce authorization through page rendering rather than on the server?
I’m trying to figure out what else I should (not) do to reduce the possibility of my web app getting hacked. And like most development efforts, while it would be great to have a security expert on the team, we don’t have it.
My app is writ… Continue reading Will these actions better secure my web app
I am writing an application to manage volunteers for political campaigns. This is a lot more complicated than any past multi-tenant app I’ve written and so am asking for guidance here on how to approach this.
Note: I’m not asking for opini… Continue reading Using claims to handle programmatic logic determining what is displayed
On my target site, I found two vulnerabilities, unrestricted file upload(to any directory) and directory traversal. I have two end points :
1- site.com/fileUp : uploads file
{
—-Request Parameters—
file_data=<file>
file_name=123…. Continue reading Uploading webshell in ASP.net application using directory-traversal and file-upload vulnerability
my target has a server that uses aspx possibly version 4.3 and i just found out that it has an image upload part. They have an image analyzer so it has to be an image file so i wonder if i could embed some sort of remote code execution scr… Continue reading Would a base64ed code work inside an images metadata? [closed]
I am exploring the Cookies and their behaviour with Identity Server and I have a sample instance of IdentityServer4 running with the basic config in memory.
I have my Identity Server 4 Cookie set to 1 minute, and I have set the MVC client … Continue reading Does IdentityServer4 trigger front or back-channel log-out when the Local/External Session Cookie expires?
When I download a file, the GET request shows the folder’s path and the file’s name.
For example:
https://example.com/page.aspx?sFolder=\\xxxxxxxxxx\yyyyyy\Path\&fName=file.xlsx [GET request]
I tried to recover the /etc/passwd file wi… Continue reading Found path where files reside on server [closed]
I am currently reviewing an ASP application where this javascript initialization is used all over the place:
const someValue = "<% get_some_value() %>";
And this pattern is actually something recommended in some StackOverf… Continue reading What could go wrong with this inlined javascript variable initialization in ASP?