Collaborate Disseminate
Abstract
Existing web scanners search for server-side injection vulnerabilities by throwing a canned list of technology-specific payloads at a target and looking for signatures – almost like an anti-virus. In this document, I’ll share the conception a… Continue reading Backslash Powered Scanning: Hunting Unknown Vulnerability Classes
Abstract
Existing web scanners search for server-side injection vulnerabilities by throwing a canned list of technology-specific payloads at a target and looking for signatures – almost like an anti-virus. In this document, I’ll share the conception a… Continue reading Backslash Powered Scanning: Hunting Unknown Vulnerability Classes
At PortSwigger, we regularly run pre-release builds of Burp Suite against an internal test-bed of popular web applications to ensure it remains extremely effective against real-world websites. Most recently we have been testing Burp Suite on Magento, a… Continue reading Using Burp Suite to Audit and Exploit an eCommerce Application
At PortSwigger, we regularly run pre-release builds of Burp Suite against an internal test-bed of popular web applications to ensure it remains extremely effective against real-world websites. Most recently we have been testing Burp Suite on Magento, a… Continue reading Using Burp Suite to Audit and Exploit an eCommerce Application
Template engines are widely used by web applications to present dynamic data via web pages and emails. Unsafely embedding user input in templates enables Server-Side Template Injection, a frequently critical vulnerability that is extremely easy to mis… Continue reading Server-Side Template Injection
Template engines are widely used by web applications to present dynamic data via web pages and emails. Unsafely embedding user input in templates enables Server-Side Template Injection, a frequently critical vulnerability that is extremely easy to mis… Continue reading Server-Side Template Injection
Early last year Gareth Heyes unveiled a fascinating new technique for attacking web applications by exploiting path-relative stylesheet imports, and dubbed it ‘Relative Path Overwrite’. This attack tricks browsers into importing HTML pages as styl… Continue reading Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities