Collaborate Disseminate
I have a web application vulnerable to SQL injections. I’m using BurpSuite to intercept the requests. More specifically, the data variable below is vulnerable. I added my own data to aggregates and filters:
data=[{
“param… Continue reading SQL Injection on POST JSON request
I have an HTML page with this bit of code in it:
<div>
<div id=”login-container”
class=”login-container”>
<login-page params=”{"redacted":"redacted"}”></login-page>
<… Continue reading How to exploit escapable JSON parameters
I have a “password change” form that could be injectable. However, I can’t find a way to use SQLmap in this case.
Here is the legitimate POST request:
POST http://localhost/api/passwordchange
…
Cookie: …
Connection: … Continue reading Inject the same JSON payload twice – SQLmap
Huawei stamps out four high-severity bugs impacting 20 server models ranging from its XH, RH and CH lines. Continue reading Huawei Patches Four Server Bugs Rated High Severity
I have a pretty complicated case where I try to perform a stored XSS attack when uploading a jpg file with malicious filename.
Whitespace is being filtered but it seems single and double quotes along with < > are not filt… Continue reading XSS breaking out of JSON.parse and href attribute
I am trying to have something like JWT but kinda ad hoc and encrypted. The token itself is simply a stringified JSON that contains the user id and unix timestamp. Now, I tried to use AES-128-GCM, however I did some simple mod… Continue reading AES-CBC then SHA vs AES-GCM for encrypting and authenticating a web token
I guess the gist of my question is: Are there cases in which CBC is better than GCM?
The reason I’m asking is that from reading this post by Matthew Green, and this question on cryptography stack exchange, and this explanation of an attac… Continue reading Why would I ever use AES-256-CBC if AES-256-GCM is more secure?
Mobile apps leak personal data via insecure ads that transmit ad-targeting data insecurely. Continue reading Millions of Apps Leak Private User Data Via Leaky Ad SDKs
ZAP provides a way to turn a login (POST) request into a logging pattern (through the “mark as …” in context menu).
When the data is something like “user=toto&psswd=t@T°”, it will translate it into
“user={%username%}… Continue reading Provide json post data in form based authentification
I’m trying to start learning about pentesting, and for my first self-learning project, I want to intercept communication between a client (Laptop) and a server (Ubuntu). They are communicating through TCP using JSON-RPC objec… Continue reading How can I use a MitM attack to modify intercepted contents on the fly? (educational)