Collaborate Disseminate
Web Server : Oracle WebLogic 10.35
Machine : Oracle Linux Server 3.8
I was able to partially exploit this CVE. I can execute any command on server using HTTP request and redirecting its output to a file i.e
cat /etc/passwd > /tmp/succes… Continue reading Post Exploitation in Oracle web logic server 10.35 (Oracle Linux Server 3.8)
Sqlmap says "found x targets, y of them are testable". What makes a testable target for sqlmap?
There are functions like MD5 and SHA2 in MySQL which can be used to hash values before putting them into the database, or when searching over values.
As I proposed a possible solution in a comment to this answer to a question, I was told t… Continue reading What are the threats of using hashing functions that are built into the DBMS? (besides man-in-the-middle attacks)
What are the practical differences between them? i.e. a parameter referred to as being "dynamic" and "not dynamic"?
Continue reading What’s the difference between dynamic and static parameters in Sqlmap?
I was watching this video https://www.youtube.com/watch?v=Qm7k1CPFkIc about how to steal passwords and the guy mentioned that you can use shodan.io (a site that lists various devices connected to the internet) to find a database you can ea… Continue reading Do web-hosting sites like Heroku or Railway expose your database?
I have a key-value database that uses asymmetric RSA-OAEP encryption to encrypt the data. The data is stored in tuples of (public key, encrypted data). The user identifies their data by the public key, and decrypts it with their private ke… Continue reading Are there any downsides to publically available encrypted data?
Imagine a mobile app that connects to an API server.
Disclaimer
I’m not sure if RSA is the right technique for this, please feel free to recommend alternatives.
The goal
The backend/database super users should not be able to recognize pers… Continue reading Encrypted user data and storing hashed RSA keys on the server for backup reasons
I have a Postgres database hosted in AWS RDS. The rest of my application is also hosted on AWS.
The database migrations, like adding a new column, are done by Prisma, a node package. The pipeline is on GitHub Actions.
There I run npx prism… Continue reading AWS RDS Database access from Github Actions
We have our dev & prod env split between AWS (databricks workspaces) and on-prem Linux boxes. Specifically, we have DB instances on-prem and have python code running inside our databricks workspace in AWS that reads/writes to the DB.
W… Continue reading Is is bad that on-prem "prod" DB is accessible/visible from in-cloud dev environment?
I’m developing an ASP.NET Core 7 MVC Web App. I’m using ASP.NET Core Identity library to manage user and role data. I am considering using SQLite for keeping Identity information, separate from my actual database which is a PostgreSQL data… Continue reading How Secure Is It to Use SQLite for Identity Storage in a Web App