Collaborate Disseminate
I am developing a dApp for my dissertation at University.
As I do not come from a computer science background, I am unsure of security risks, specifically related to the javascript front-end of my dApp. I know about decentralisation and se… Continue reading react.js security from a novice – front-end development security
How does Chrome block all methods of code injection past version 78? It even blocks signed DLLs it doesn’t have in a static list.
Continue reading How does Chrome 78+ block all methods of DLL injection?
If so, is trying to exploit through a time-based injection enough to prove there’s a vulnerability in said site?
I was trying to automatically inject a dll to every process (including GUI) whenever it is started by a user . My DLL hooks DoDragDrop method of winapi and communicates with server to decide allow or disallow the drag & drop process. I… Continue reading AppCertDLLs does not work in GUI apps, why?
I stumbled upon a case where several database entries were updated. And the update is rather unusual.
For example if I have an entry named:
Watermelon
The updated version is:
Watermelon<IMG SRC="/WF_SQL_XSRF.html">
The WF… Continue reading Weird entry in SQL Server database, is this a result of SQL Injection?
I use bettercap2 http proxy and arp spoof to inject one-line js alert into http pages. It works fine, however what about https? I couldn’t find any working method to inject it without the browser’s self-signed warning.
HTTPS allows to impo… Continue reading Javascript injection bettercap2 over HTTPS
I published the following diary on isc.sans.edu: “Python DLL Injection Check“: They are many security tools that inject DLL into processes running on a Windows system. The classic examples are anti-virus products. They like to inject plenty of code that, combined with API hooking, implements security checks. If DLLs are
The post [SANS ISC] Python DLL Injection Check appeared first on /dev/random.
How would you have attacked the LDAP vulnerability here?
from flask import request
import ldap
@app.route("/user")
def user():
dn = request.args[‘dn’]
username = request.args[‘username’]
search_filter = "(&am… Continue reading Ldap injection attack example [closed]
In different places (e.g., here), it is mentioned that to detect blind OS command injection using time delays, & ping -c 10 127.0.0.1 & can be used. My question is this: Doesn’t & causes the command to run in the background? So… Continue reading Detecting blind OS command injection using time delays [closed]
If the OS is responsible for ensuring that one process cannot access another process memory space, and the point of process isolation is to keep processes separate from one another, then how can a malicious process perform actions on anoth… Continue reading Process Injection and Process Isolation by OS