Collaborate Disseminate
I’ve been tasked to do a black box web app pentest. There are some part of the site that require Flash 11.
I’ve tried with ruffle firefox extension, but it doesn’t seem to support this version. What would you do in this situation? Is there… Continue reading How to pentest an old Flash application?
I’m exploiting an SSTI (server-side template insertion) vulnerability in a website written in flask-python.
My problem is that payload for RCE is being limited by blacklist.
I tried everything with a document that I found to be hyper-detai… Continue reading Ignore blacklist characters and keywords in SSTI exploit payload
I am trying to understand what does SOP mean? If there are two sites such as example1.com and examole2.com what are the dangers can one of them cause to the other? Like stealing what, received what?! So SOP exists to prevent that catast… Continue reading Benefits of same origin policy
I understand the crackme I am researching is from 2007, however this was the point in my life when I initially became interested in reverse engineering and wish to complete it for nostalgia sake. Following on from this question, I intend t… Continue reading Some introductory reverse engineering help on finding a string
I am looking for an automated tool to identify client-side and server-side template injection vulnerabilities in a Web application which uses AngularJS.
This type of vulnerability is not currently detected by the tooling I currently use. … Continue reading What automated tools can be used to identify template injection? [closed]
When conducting an external pentest and the scope is broad covering everything owned by the client, how would you verify if the enumerated IP addresses belong to a client? Running ‘nslookup’ on the IP doesn’t always return anything and in … Continue reading Verifying IP addresses during pentest
I want to improve myself in Android penetration testing. For this task i need to learn reversing the native libraries of an APK file to detect vulnerabilities. What is the best way and resources for my task?
Continue reading How to reverse android native libraries? Best resources? [migrated]
I am looking for a automation tool for identify client-side and server-side template injection. I tried using some tools to detect, but none of them detects it in the scanning. So I had to check it by manually using payloads. Web applicat… Continue reading What are the automation tools that can be used to identify template injection? [closed]
Summarize the problem
The goal of this project is to automate burp suite penetration tests.
Provide details and any research
I have familiarized my self with the burp suite framework. I use the standard workflow:
crawl the site.
The goal of this project is to automate burp suite penetration tests.
I have familiarized myself with the burp suite framework. I use the standard workflow:
crawl the site.
use the http history to find relevant requests.
use the repeater … Continue reading Automating Penetration Tests [closed]