injection – Page 2 – WindowsTechs.com

My hosting has no content, but shows error – requested an insecure script ‘http://cdn.jsinit.directfwd.com/sk-jspark_init.php

Posted on September 16, 2024 by user3099225

I have recently bought a hosting and hosted my php site, but after hosting site was not loading and showing a round loading image. I thought my files were infected, so I checked on console and I got this error – mixed content error, reques… Continue reading My hosting has no content, but shows error – requested an insecure script ‘http://cdn.jsinit.directfwd.com/sk-jspark_init.php→

Is this code vulnerable to injection?

Posted on August 26, 2024 by gquere

I’m reviewing code which apparently ignores all security standards but doesn’t seem to be exploitable due to its peculiar construction. The first stage is a Java Spring application and the name parameter is fully user-controlled.
String cm… Continue reading Is this code vulnerable to injection?→

Securing Transactional Email: User Input Escaping for a email subject

Posted on July 25, 2024 by Demian

In our ongoing efforts to ensure secure transactional email delivery, we prioritize user input escaping. This practice mitigates potential vulnerabilities like HTML injection attacks.
We leverage the i18next library (https://www.i18next.co… Continue reading Securing Transactional Email: User Input Escaping for a email subject→

sqlmap –dump csv file output problem for Large database

Posted on May 15, 2024 by Solo

Is there any way to save half dumped output in csv file or in table format in sqlmap?
Look below image for better understanding. The target is boolean based blind injection vulnerable. For sure this injection takes hell of a time for large… Continue reading sqlmap –dump csv file output problem for Large database→

Command Injection in URLs. Are response codes foolproof indicator of true/false positive?

Posted on May 1, 2024 by jakechowder

Take this HTTP request as an example.
GET /directory/blahblah/ping%20interact.sh
Say this request receives any 3xx, 4xx, 5xx HTTP response code. Is it likely or even possible that a backend web server process this request and pings interac… Continue reading Command Injection in URLs. Are response codes foolproof indicator of true/false positive?→

Command Injection in URLs. Are response codes foolproof indicator of true/false positive?

Posted on May 1, 2024 by jakechowder

Library to securely expose query language to end user?

Posted on April 26, 2024 by curious-bunny1

I have a DB that I would like to expose to end users for flexible search through their data. Currently using Elastic, but not tied to that: I can internally transform the data in any way to enable secure, flexible querying.
What I’m curiou… Continue reading Library to securely expose query language to end user?→

Can a USB stick be made to automatically hack a system?

Posted on April 24, 2024 by Julius Santiago

I am a cybersecurity professional who is interested in researching the field of injectables.
Does a device exist, or can be made, that if plugged into a computer would instantly start attacking the computer to tear down password barriers a… Continue reading Can a USB stick be made to automatically hack a system?→

CMDi in Juice shop(docker)

Posted on February 23, 2024 by JellySheep

Does anyone know how to access the server command line and execute commands remotely in OWASP Juice Shop?
Tried to find something with Burp Suite and I did not find any information on the Internet about this particulate matter.

Continue reading CMDi in Juice shop(docker)→

CMDi in Juice shop(docker)

Posted on February 23, 2024 by JellySheep

Continue reading CMDi in Juice shop(docker)→