Collaborate Disseminate
In an intentionally vulnerable lab used for studying noSQL injection, the specific case of $where is the topic of this question:
code:
let username = req.query.username;
query = { $where: `this.username == ‘${username}’` }
User.find(query,… Continue reading nosql injection with $where [closed]
In my security course, I have to create an attack that will steal the victim’s username and password, even if the victim is diligent about only entering their password when the URL address bar is correct. The solution needs to be an HTML d… Continue reading How to perform XSS attack on site using htmlspecialchars
I saw someone doing this in a php shell injection:
test | cat /var/backup/secret.txt
Why are they using test |? How is that not useless here?
Continue reading Why would you use the command `test` in a php shell injection?
Can someone please explain what is meant by the following analysis provided in the overview section of the OWASP Top 10 A03:2021 – Injection page:
Injection slides down to the third position. 94% of the applications
were tested for some f… Continue reading What does OWASP mean by max incidence and average incidence rate?
Rather primitive Malware using Python3 and similar already available software on the victim’s machine (which can also be compiled using PyInstaller/pycom if not) has the capability to override the user’s processes in memory while they’re r… Continue reading Can malware override and execute any memory location or it has to be specific?
I am learning pentesting, currently studying Server Side Template Injection. I understood there are two types of SSTI – plaintext context and code context – but struggle to understand what exactly is the practical difference between them.
… Continue reading Server Side Template Injection (SSTI): Difference between plaintext context and code context?
Is it possible to extract other collections that exists in the database?
Let’s say I have 2 collections in the database, they are:
1.users
2.posts
Also we assume the users collection is vulnerable to NoSQLi. In an SQL Injection attack we … Continue reading MongoDB NoSQL Injection extract collections
Assume an Apache server (http, no authentication just hosting static files) is running in my local network which is hosting some zip files. Assume User A is requesting a zip file from the Apache server. Is it possible for User B on the sam… Continue reading Ways to inject malicious content during a HTTP file transfer
I today found some files created and deleted and edited on my website. I don’t know how it is done. But I know it can be done by some PHP Functions like :
mkdir(‘Folder’); file_put_contents();scandir();…
But these codes only execute if … Continue reading Running PHP commands on my website from a form input
Recently, one of my services received a query where the JSON payload contained the string <an-arabic-character>\u0000bՕR. The service handled it gracefully so no real harm was done, but am I right to be suspicious of this activity ?
… Continue reading Is a user query containing the string "\u0600\u0000bՕR" suspicious/malicious?