XSS payload encoding
From the little I know, the default encoding for GET and POST parameters is the so-called URL encoding. In the Burp Intruder tab, for instance, you can configure which characters within the payload should be URL-encoded.
I read in different blogs that PHP htmlspecialchars() function has certain problems when one does not give the expected charset as an optional parameter.
Can someone explain some basic stuff about XSS exploits that arise fro… Continue reading How is character encodings used to bypass XSS sanitizers?
I have recently been doing some security evaluation work on our Android applications, by proxying all the communication through Burp Suite.
I noticed one of our devices was sending requests to a domain I did not recognise, o… Continue reading Decoding requests from potentially malicious Android app
I was recently solving a CTF challenge that I found quite strange, first of all I have been given a chain of characters that no matter how hard I try to find an answer I can not find it, I am going to publish part of that cha… Continue reading Is it possible to "encode" a bash sentence?
I have a QWERTY keyboard, but I have set the keyboard settings in Windows to DVORAK. So if I type “test” it comes out as “y.oy”. Would the key logger log “test” or “y.oy” in its records?
Continue reading Would using a QWERTY keyboard with DVORAK output cause keylogger to log DVORAK?
I mainly audit web applications and provide the companies with security countermeasures and recommendations. Currently, I have an issue with giving a correct recommendation when it comes to AngularJS Sanitize function against… Continue reading AngularJS Sanitize function vs. server-side output encoding
I tried to get reflected XSS in vulnerable website with a request to the following URL:
https://vulnerable.website/dir/dir?param1=test”><svg/onload=alert(1)>
The browser URL-encodes the chars and it is also reflected back in the… Continue reading Bypassing browsers URL encoding to do reflected XSS from query parameter?
I received a phishing email with the following format:
hxxp://<%legitimateSite%>/~!@%23$%25%5e&()_+~!@%23$%25%5e&()+~!@%23$%25%5e&*()+~!@%23$%25%5e&()_+~!@%23$%25%5e&()+~!@%23$%25%5e&*()+~!@%23$… Continue reading Phishing email with encoded url params
I was wondering if it is possible to do a Code Cave on DLLs rather than .exe files? If yes, how?