XVWA: Web Application Hacking Lab in Kali Linux
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published April 17, 2017 · Last modified November 4, 2024
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security. It’s not advisable to host this application online as it is designed...
SQLmap POST request injection Sometimes SQL injection attacks are only successful with HTTP POST methods. In this post, I am going to demonstrate the easiest way to deploy a...
Web Exploitation / Web Maintaining Access / WebApp PenTest
by do son · Published April 11, 2017 · Last modified September 12, 2017
From SQL injection to RCE Once a MySQL database server has been compromised at the root level, it’s often possible to escalate this access to full system level access. In...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published April 10, 2017 · Last modified November 4, 2024
What is XPath? XPath Injection Similar to SQL injection, XPath injection occurs when the site uses the information entered by the user to construct the request for XML data. An...
Web Exploitation / WebApp PenTest
by do son · Published April 10, 2017 · Last modified July 29, 2017
WAF (web application firewall) has become one of the standard security solutions. Because of it, many companies do not even care whether they have web application vulnerabilities. Unfortunately, not...
Web Exploitation / WebApp PenTest
by do son · Published April 9, 2017 · Last modified November 4, 2024
Some useful sqlmap commands for testing SQL injection vulnerabilities. 1) Check whether the current user is a DBA: python sqlmap.py -u "url" --is-dba -v 1 2) --users: user list database management system...
Undoubtedly, SQL injections are among the most famous and important attacks in the world of hacking and pentesting; this is because the vast majority of systems use managers...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published April 7, 2017 · Last modified November 4, 2024
XSS Jacking is a new XSS attack by Dylan Ayrey that can steal sensitive information from the victim. XSS Jacking requires three other techniques paired together: clickjacking, hijacking...
Web Exploitation / WebApp PenTest
by do son · Published March 14, 2017 · Last modified November 4, 2024
HTTP is a stateless protocol; cookies and sessions were introduced in order to maintain and track the user’s state. Cookie First introduced with Netscape 0.9 on October 13,...
Web Exploitation / WebApp PenTest
by do son · Published March 10, 2017 · Last modified November 4, 2024
Recently, the WordPress team published WordPress version 4.7.3. This version fixed some errors that existed in previous WordPress versions. In this post, I am going to analyze WordPress 4.7.2 Cross-Site...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published February 13, 2017 · Last modified July 28, 2017
XPath Injection Similar to SQL injection, XPath injection occurs when the site uses the information entered by the user to construct the request for XML data. An attacker sends specially...
Web Exploitation / WebApp PenTest
by do son · Published February 11, 2017 · Last modified November 4, 2024
What is Memcached? Free & open source, high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load....
Web Exploitation / WebApp PenTest
by do son · Published January 23, 2017 · Last modified November 4, 2024
In the previous post, I introduced the concept of buffer overflow. In this post, I am going to show you how to find and exploit a buffer overflow vulnerability....
Web Exploitation / Web Maintaining Access / WebApp PenTest
by do son · Published December 27, 2016 · Last modified September 1, 2017
A file upload vulnerability arises when a user can upload an executable script file and, through that script file, obtain the ability to execute server-side commands. This attack is the most...
Web Exploitation / WebApp PenTest
by do son · Published December 25, 2016 · Last modified November 4, 2024
Introduction The PUT method requests that the enclosed entity be stored under the supplied Request-URI. If the Request-URI refers to an already existing resource, the enclosed entity SHOULD be considered...