[SQL injection] Some technique to bypass WAF
This article is a summary of the WAF around the various methods, we can use the following methods in the test WAF bypass, I hope to help everyone. URL encode...
This article is a summary of the WAF around the various methods, we can use the following methods in the test WAF bypass, I hope to help everyone. URL encode...
by do son · Published February 18, 2017 · Last modified November 4, 2024
On previous post, I did Intelligence Gathering phase. After gathering target info, i need to do Vulnerability Scanning. Run Auto-WebApp-PenTest.sh script, choose option 2 All tools on this option will use “result.txt”...
Hi all, A penetration test (pentest for short) is a method of attacking a computer’s systems in the hope of finding weaknesses in its security. If the pentest successfully gains...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published February 13, 2017 · Last modified July 28, 2017
XPath Injection Similar to SQL injection, XPath injection occurs when the site uses the information entered by the user to construct the request for XML data. An attacker sends specially...
XSS Attack is the principle of the attacker will be malicious code implanted into the page, resulting in the user browsing the page will be in the trick! XSS can: Steal...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published January 2, 2017 · Last modified November 4, 2024
The web application uses templates to make the web pages look more dynamic. Server Side Template Injection occurs when user input is embedded in a template in an unsafe manner....
Metasploit / Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published January 2, 2017 · Last modified November 4, 2024
Introduce The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its best-known sub-project is the open...
Web Exploitation / Web Maintaining Access / WebApp PenTest
by do son · Published December 27, 2016 · Last modified September 1, 2017
File upload vulnerability is when the user uploads an executable script file, and through the script file to obtain the ability to execute server-side commands. This attack is the most...
Web Exploitation / WebApp PenTest
by do son · Published December 25, 2016 · Last modified November 4, 2024
Introduce The PUT method requests that the enclosed entity be stored under the supplied Request-URI. If the Request-URI refers to an already existing resource, the enclosed entity SHOULD be considered...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published December 24, 2016 · Last modified November 4, 2024
Burp Suite is an integrated platform for attacking web applications. It contains a number of tools, and for these tools to design a number of interfaces to accelerate the process...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published December 22, 2016 · Last modified November 4, 2024
Introduce Cross-site request forgery [CSRF], also known as a one-click attack or session riding or Sea-Surf and abbreviated as CSRF or XSRF, is a type of malicious attack exploit of...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published December 21, 2016 · Last modified November 4, 2024
Both in the traditional PC Web platform or mobile terminal platform, client-side or server-side, the JavaScript fairly good performance and reflect the rich framework to support, so it as a...
Exploitation / Information Gathering / Maintaining Access / Network PenTest / Post Exploitation / Vulnerability Analysis / Web Exploitation / Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published December 21, 2016 · Last modified August 1, 2017
A penetration test (pentest for short) is a method of attacking a computer’s systems in the hope of finding weaknesses in its security. If the pentest successfully gains access, it...
Web Exploitation / WebApp PenTest
by do son · Published December 13, 2016 · Last modified November 4, 2024
Introduction sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published December 12, 2016 · Last modified November 4, 2024
Vane is a vulnerability scanner that scans WordPress for all webmasters to scan for WordPress vulnerabilities and find and fix problems before they go live. It is a great WordPress...