Collaborate Disseminate
I have a java web app. I’m using OWASP Java Encoder to encode for html, javascript and url components to mitigate reflected XSS. I’m new to this so I’m not sure on how to test on my web app for the following scenarios where there’s no dire… Continue reading How do I test for Reflected XSS in webpage titles, url parameters and javascript variables?
There used to be a really bad joke from the internet where you would copy something starting with \x0B\x2E… (just an example) and when you execute this command the terminal would interpret it as sudo rm -rf /.
How do you do this kind of … Continue reading How do you execute ls -la when encoded as hex?
I scanned a qr code and got this info:
GreenPass#36A223C7#ew0KICAicGFzc2VzIjogWw0KICAgIHsNCiAgICAgICJpZCI6ICIzMzA3NzkyOTkiLA0KICAgICAgImV4cGlyYXRpb25EYXRlIjogIjMwLjA2LjIxIDAwOjAwIg0KICAgIH0NCiAgXQ0KfQ==
I figured out that the # is a separ… Continue reading Need help decrypting a text [closed]
I am getting Validation.EncodingRequired for this code
public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
FileUploadForm uploadForm = (FileUpl… Continue reading Validation.EncodingRequired CWE 116 by appscan
I am black-box testing a video streaming website. They have 2 kind of IDs for videos. internal_id and external_id.
I need to find a way to enumerate internal_id but cannot guess what kind of ID this website is using.
Example:
video 1: inte… Continue reading GRZXW5EDY – Does anyone recognize what kind of hash/id is this? [duplicate]
I recently discovered the problem with Percent-encoding.
It makes perfectly sense when we are dealing with such problem in a browser scenario. But I don’t get why a software like WinSCP can be affected by the same issue.
In my opinion the … Continue reading Percent-encoding in WinSCP in SFTP password, why?
). decodes to number 10626
%. decodes to number 9480
*. decodes to number 10887
.. decodes to number 7658
I need help to understand the encoding used here.
Continue reading identify the type of encoding method used here? [duplicate]
Several answers on StackOverflow suggest that a C# object can be passed to JavaScript in ASP.NET MVC by the following:
<script type="text/javascript">
var obj = @Html.Raw(Json.Encode(Model));
</script>
This is vu… Continue reading Passing a C# object to Javascript in ASP.NET MVC
I’m making a web penetration test, so I trying to exploit a XSS, I’ve looked that if I use a payload like the following:
<script>alert(document.domain)</script>
The output in the page will be
<script>alert(docume… Continue reading Exploit an XSS without <> and valid encoding
I am working on a challenge that involves getting code execution on a Ruby application hosted on Nginx. One of the ruby controllers seems to have been using unsanitized user input as part of the send() method which leads to arbitrary code … Continue reading Command substitution for code execution via Ruby’s send() method