Collaborate Disseminate
I have an requirement for an web application that during login, while submitting login form the password should be transmitted as encrypted but also password manager’s save password pop-up should show non encrypted plain password
Other tha… Continue reading Save password pop-up appears with encrypted password [closed]
I have uploaded a php shell using a file upload vulnerability. But when I hit the .php url after uploading it. It gets downloaded rather than executed. Why is that. And how can I execute my shell code?
This is the URL that it gets uploaded… Continue reading Why does my uploaded shell as .php gets downloaded rather than executed when I hit the URL?
I’m currently playing with cmd.jsp webshells on a Java webapp in tomcat.
This is the request (sending via burpsuite)
PUT /path/cmd.jsp HTTP/1.1
Host: 69.69.69.69
Content-Length: 579
<%@ page import="java.util.*,java.io.*"… Continue reading cmd.jsp – Tomcat – Understanding HTTP Status Code (302)
Recently I came across a website and when clicking on one of hyperlinks it displayed a HTTP 500 error page as shown in the image, which indicated that it is using Java Server Pages and on line 23 the code read as
Connection con = Driverma… Continue reading Backend database username and password revealed in JSP Page
Can this be exploited as XSS vulnerability using urls like localhost/?myVar=<script>alert(document.cookie)</script> or though any other possibility?
<c:set var="myVar" value="<%=request.getParameter(\"… Continue reading Can “c:set” cause Cross Site Scripting (XSS) vulnerability?
I am making 100+ bug bounty tutorials in my channel
hello guys,
I have been working as a cyber security engineer for the last 15 years and decided to make easy YouTube videos for most of QA guys to learn 200+ security issues in 30 hours.
I… Continue reading Free Bug Bounty Tutions 100+ lessons – Suggestions Needed [closed]
ShiftLeft adds support for Java Server Pages (JSP) and Java 11
ShiftLeft Inspect, Protect, and Ocular now support Java 11 and JSP. Organizations can now scan, interrogate, and protect their legacy and modern applications using a single solution.
… Continue reading Protect your legacy and modern applications using a single solution
I’m currently performing a pentest for a client, and through Qualys we found a CVE-2018-2894 vulnerability. Now we are using it as part of the pentest and attempting to exploit it. I followed along with this proof of concept … Continue reading Exploiting Oracle WebLogic server but getting a 404
I have an issue with uploading files to Servlet/3.0 JSP/2.2 (GlassFish Java/Oracle Corporation/1.7)
When I try to upload files in .jsp with this contents : with this content
its tell me to download it , not to open it in se… Continue reading Why i cant upload .jsp files in glassfish server? [on hold]
Expected result
JSP shows string properly and does not activate injections
Actual result
JSP taglib tag activates js
Tried
<c:out value=”<tagobject:labelName/>” />
<c:out value=”${fn:escapeXml(tagobject:la… Continue reading Stored XSS. JSP. taglib tag