Collaborate Disseminate
I have code which execute passwd command on redhat os. My question is can is inject command in password? This is interactive com
Continue reading Does passwd is command injection vulnerable [closed]
I am trying to write a DLL injector to perform a DLL injector on a calculator process.
I wrote the DLL injector program in C and the DLL but the injector doesn’t inject the DLL or any other DLL (I tried to take some random w… Continue reading DLL injector in C doesn’t inject the DLL
This is a theoretical question. I just watched a certain video in which the author apparently unmasks a chatbot AI that is likely trying to harvest data and spread influence in a cult-like manner on a given social network. Th… Continue reading "Reflected XSS"-like attack on chatbot AI
Recently, I found an iframe injection vulnerability on a website. This website allows users to create projects and name them. So I successfully injected an iframe on the naming function that can redirect me to a malicious web… Continue reading What to consider for determining something as a security flaw?
I have a scenario with 2 sites. Site 1 is mysite.com and Site 2 is secondurl.com.
Site 1 is using Wordpress. There, I did a Javascrit/jQuery routine that checks if a given url parameter comes in. If the parameter “p” exists… Continue reading URL parameter manipulation and injection
Can someone give me hint for high level in html injection on swap? Because I don’t know where should I look or what should I do. I read somewhere that it is not possible to solve, somewhere else I read said that it is possibl… Continue reading Can someone give me hint for high level in html injection on bwapp? [on hold]
I’m currently developing a web service that takes user input and passes it to a bash script as an argument.
I know that without sanitizing this allows for remote command execution. So I want to know if alphanumeric strings … Continue reading Are alphanumeric strings safe to pass to a bash script?
Is Server-Side Includes injection really common vulnerability? And how can I detect it – is there some way like automatic tools or some kind of fingerprint test or do I have to just play with input?
Continue reading Is Server-Side Includes injection really common vulnerability?
I am writing a python script, Gestioner.py, which checks for some service CLI commands and validates them if they are suppported or not.
I am also trying to develop a test harness to verify and test such possible security a… Continue reading User’s CLI input validation for filtering out injection attacks
I was testing the website example.com and found a form vulnerable to XML Injection. It send the details you insert into that form as xml attachment via email to my email address and also to administrators CMS as email. It wor… Continue reading How can i turn this xml injection into a valid XXE?