Collaborate Disseminate
My client had his wordpress site attacked, his site is not a juici target, the attack consisted in redirecting the site to another site.
That in itself is no surprise, the weird thing is that both the SSH (For context, the site is on a vps… Continue reading Dreamhost hosted wordpress site attacked – SSH password was changed – Need help assesing attack vector
Numerous websites allow us to build and execute C code from web browsers (repl.it, onlinegdb.com, ideone.com…). For my own application (education purposes) I would like to do the same on my web backend.
My current solution is to use an A… Continue reading Build and execute code on a sandboxed environment?
Using sqlmap I was able to gain access to one database and using –current-user and –privileges. I can confirm that the user is root@localhost with full privileges.
The part I have problem with is that I don’t understand how the –os-shel… Continue reading Paths in web servers
We’re manually reading HTTPD log files and taking note of service abuse.
Example:
10.0.0.1 – – [01/Jan/1970:00:01:01 -0100] "GET /fckeditor/editor/filemanager/connectors/php/upload.php?Type=Media
…
10.0.0.2 – – [01/Jan/1970:00:01:10… Continue reading Is there a utility that identifies attack footprints in HTTPD log files? [duplicate]
We’re manually reading HTTPD log files and taking note of service abuse.
Example:
10.0.0.1 – – [01/Jan/1970:00:01:01 -0100] "GET /fckeditor/editor/filemanager/connectors/php/upload.php?Type=Media
…
10.0.0.2 – – [01/Jan/1970:00:01:10… Continue reading Is there a utility that identifies attack footprints in HTTPD log files? [duplicate]
I’m not a crypto/security expert and have designed an architecture for encryption/decryption. I’m not sure if its full proof and want to know what people use as industry standard?
I’m trying to perform encryption/decryption in RESTful api … Continue reading How to perform encryption/decryption in a RESTful system?
I would like to upload a video to a video hosting platform (like Youtube or Vimeo) and then embed the video to a website.
However, I found out that embedding a video from such platforms is not fully GDPR-compliant, even if no cookies are u… Continue reading Video hosting platform that is GDPR compliant [closed]
I was researching fuzzing using AFL and hongofuzz and they mainly support applications that run in the terminal. After that I came across a list of resources for network fuzzers, and found afl-net which was well maintained. I tried using a… Continue reading How can I fuzz a http server?
I have a question about the outlook.com. Can it be considered as a website or a web application? Or it can be considered as both?
Continue reading outlook.com : a web application or a website? [closed]
Say you have the following files/folder in your webserver:
public_html/index.html
public_html/test/index.html
public_html/test/foo-randomString.jpg
For an average user, foo-randomString.jpg can’t be seen unless they know the exact filena… Continue reading Can a web crawler still see files in a directory even with an index file? [closed]