Collaborate Disseminate
I am doing a pentest on a client’s ASP web application and I have identified a blind SQL injection. However, after enabling xp_cmdshell, I am only able to run the ping localhost command to verify the RCE, which has a 3-second delay. I also… Continue reading xp_cmdshell as dbo user only able to run ‘ping localhost’ to verify RCE?
There is a particular class of vulnerability that I’ve seen on enough ASP.NET applications that I’m starting to wonder what the underlying cause it. The pattern goes as follows
The application has multiple levels of permission
When a user… Continue reading Why does ASP.NET enforce authorization through page rendering rather than on the server?
I’m trying to figure out what else I should (not) do to reduce the possibility of my web app getting hacked. And like most development efforts, while it would be great to have a security expert on the team, we don’t have it.
My app is writ… Continue reading Will these actions better secure my web app
I am writing an application to manage volunteers for political campaigns. This is a lot more complicated than any past multi-tenant app I’ve written and so am asking for guidance here on how to approach this.
Note: I’m not asking for opini… Continue reading Using claims to handle programmatic logic determining what is displayed
On my target site, I found two vulnerabilities, unrestricted file upload(to any directory) and directory traversal. I have two end points :
1- site.com/fileUp : uploads file
{
—-Request Parameters—
file_data=<file>
file_name=123…. Continue reading Uploading webshell in ASP.net application using directory-traversal and file-upload vulnerability
my target has a server that uses aspx possibly version 4.3 and i just found out that it has an image upload part. They have an image analyzer so it has to be an image file so i wonder if i could embed some sort of remote code execution scr… Continue reading Would a base64ed code work inside an images metadata? [closed]
I am exploring the Cookies and their behaviour with Identity Server and I have a sample instance of IdentityServer4 running with the basic config in memory.
I have my Identity Server 4 Cookie set to 1 minute, and I have set the MVC client … Continue reading Does IdentityServer4 trigger front or back-channel log-out when the Local/External Session Cookie expires?
When I download a file, the GET request shows the folder’s path and the file’s name.
For example:
https://example.com/page.aspx?sFolder=\\xxxxxxxxxx\yyyyyy\Path\&fName=file.xlsx [GET request]
I tried to recover the /etc/passwd file wi… Continue reading Found path where files reside on server [closed]
I am currently reviewing an ASP application where this javascript initialization is used all over the place:
const someValue = "<% get_some_value() %>";
And this pattern is actually something recommended in some StackOverf… Continue reading What could go wrong with this inlined javascript variable initialization in ASP?
I have an MVC application that has undergone SAST. The scan detects a potential XSRF/CSRF vulnerability.
The application rewrites the .AspNet.ApplicationCookie setting SameSite=Strict:
protected void Application_PreSendRequestHeaders(objec… Continue reading Is the .AspNet.Application cookie vulnerable to CSRF attacks?