Collaborate Disseminate
I read a lot of reports where ‘hackers’ potentially exploited a ‘Hidden HTTP Parameter’. There are also tons of tools which are developed for this exact purpose.
Example : https://blog.yeswehack.com/yeswerhackers/parameter-discovery-quick-… Continue reading What exactly are Hidden HTTP Parameters?
I am searching for the best way to merge two parts of software together, so it would be as hard as possible to separate them again through reverse engineering.
At the moment are both parts python, but open minded for anything else.
Continue reading Recommended way to merge a security feature with the rest of the software? [closed]
As a security measure, my Windows-based work computer has been configured to deny any application that hasn’t been signed with a valid certificate; my system will run a signed executable from DropBox’s website, but it will refuse to run an… Continue reading How can code signing posibly be secure on Windows when signed executables act on unsigned input?
I copy / pasted a data:image/png;Base64 image from a Google search into a Google Slide, before realizing it was a BASE64 image. Is there any possibility that this contains malicious code, or any way to check it?
[…]data:image/png;base64… Continue reading Security Implications from Base64 Image
Due to failing IT infrastructure in Sweden, clever developers have provided ways of cheating the system to book train tickets (which is tremendously underdimensioned and failing due to high demand). On their Github page, they provide a Jav… Continue reading Are there any risks to pasting arbitrary Javascript code in web browser console and running it? [duplicate]
I am doing a capture-the-flag exercise in a Windows scenario.
It uses Windows 2016 server. I was able to find the password and I can access the files with a:
net use z: \\computer\C$ password /user:user
Now, I can read and write on the s… Continue reading Remote code execution after a valid SMB (net use) password in Windows?
A web server running iis 10 ,PHP (windows) allows users to upload any type of pdf (the location and filename does not change on the server ). The files uploaded go though some file extension check which I was unable to bypass(I tried addin… Continue reading What can I do with a Pdf upload vulnerability on a CTF server?
I have been trying to solve this challenge for all today and even if it should be really easy i do not manage to find a solution cuz i am a beginner i do not knoe anythign about php, i did not find on internet any similar challenge.
The ch… Continue reading php code injection with blacklist
Is it possible that clicking a link would hack a device?
For example:
injecting a malicious code into the device directly from the link’s host website
connecting to the device remotely in a way through its internet connection
And how to … Continue reading What ways a website could hack a device? [duplicate]
Would a file upload function be vulnerable to code execution where the uploaded file is always converted to a PNG file by the application? For example, if one uploads shell.php and this file is converted into somerandomstring.png, can one … Continue reading Possibility of arbitrary file upload where upload converted to png