Collaborate Disseminate
First of all,I am new to security as a whole and taking my first formal course on it.So sorry if any major errors are present.
I had a scheme for remote file storage as an attempt to use my course topics:
I have a few google accounts(say … Continue reading Cryptographic File Storage scheme
I have launched a WordPress site for a private group of people. This site serves as a public representational site, but also they make "posts" with "Private" checked, so only logged in users can see those posts. Everyth… Continue reading protect wordpress uploaded files access from non-logged-in users?
I have an ERP portal in our college and it contains our images which size must be less than 20KB ..so when we upload our png file it changes the name of image file to gif.gif
I have tried every possible methods …Please can anyone help me… Continue reading How to Bypass File upload restrictions in asp.net website?
TLDR: Trying to execute commands on site thats got a LFI vuln.
So I am making my post request to my vulnerable site and
import requests
header = {
‘User-Agent’:’Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201′,
… Continue reading LFI php://input returning initial argument?
I have a web application where user can upload and view files. The user has a link next to the file (s)he has uploaded. Clicking on the link will open the file in the browser (if possible) or show the download dialog (of the browser). Mean… Continue reading Prevent Cross Site Scripting but still support HTML file upload
I’m testing a target with osTicket 1.7 for CVE-2017-15580. Instead of getting a shell, I’m trying to get the target to make an HTTP request to a temporary end-point.
My temporary end-point is https://test.free.beeceptor.com and the command… Continue reading CVE-2017-15580: Getting code execution with upload
I’m testing a target with osTicket 1.7 for CVE-2017-15580. Instead of getting a shell, I’m trying to get the target to make an HTTP request to a temporary end-point.
My temporary end-point is https://test.free.beeceptor.com and the command… Continue reading CVE-2017-15580: Getting code execution with upload
I was trying to reproduce this vulnerability:
https://www.exploit-db.com/exploits/49294
According to the explanation, it is possible to bypass a check in a Wordpress plugin by appending a special char after php extension.
I was trying the … Continue reading PHP execution with special characters in the end
I’m testing CVE-2019-14748 on an example.com with osTicket. I’ve uploaded a test.html with the basic <script> and <img> XSS payloads which run when a user opens test.html. However, in Firefox, when I click on the test.html file… Continue reading CVE-2019-14748 but the file is downloaded and open locally – can it be used for XSS?
I need to save very sensitive data from an Excelfile that the user uploads. The data will then be saved to mySQL. All is done in Node.js.
Now I wonder what is the most secure way to upload the file.
Should I use Multer (https://expressjs.c… Continue reading Uploading sensitive data, Should I user memoryStorage (buffer) or save and delete file?