[SQL injection] Some technique to bypass WAF
This article is a summary of the WAF around the various methods, we can use the following methods in the test WAF bypass, I hope to help everyone. URL encode...
Tagged: web app
Auto Web Application Penetration Testing: Vulnerability Scanning
On previous post, I did Intelligence Gathering phase. After gathering target info, i need to do Vulnerability Scanning. Run Auto-WebApp-PenTest.sh script, choose option 2 All tools on this option will use “result.txt”...
Auto Web Application Penetration Testing: Intelligence Gathering
Hi all, A penetration test (pentest for short) is a method of attacking a computer’s systems in the hope of finding weaknesses in its security. If the pentest successfully gains...
XPath Injection & Blind XPath Injection Vulnerability
XPath Injection Similar to SQL injection, XPath injection occurs when the site uses the information entered by the user to construct the request for XML data. An attacker sends specially...
How to Prevent Cross-Site Scripting (XSS) Attacks
XSS Attack is the principle of the attacker will be malicious code implanted into the page, resulting in the user browsing the page will be in the trick! XSS can: Steal...
What is Server Side Template Injection (SSTI)?
The web application uses templates to make the web pages look more dynamic. Server Side Template Injection occurs when user input is embedded in a template in an unsafe manner....
WMAP: Web Vulnerability Scan on Metasploit
Introduce The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its best-known sub-project is the open...
Some technique to bypass waf for uploading Shell on webserver
File upload vulnerability is when the user uploads an executable script file, and through the script file to obtain the ability to execute server-side commands. This attack is the most...
Exploiting PUT method for uploading WebShell
Introduce The PUT method requests that the enclosed entity be stored under the supplied Request-URI. If the Request-URI refers to an already existing resource, the enclosed entity SHOULD be considered...
The Top 8 Burp Suite Extensions
Burp Suite is an integrated platform for attacking web applications. It contains a number of tools, and for these tools to design a number of interfaces to accelerate the process...
Finding and exploiting Cross-site request forgery (CSRF)
Introduce Cross-site request forgery [CSRF], also known as a one-click attack or session riding or Sea-Surf and abbreviated as CSRF or XSRF, is a type of malicious attack exploit of...
jsprime: a javascript static security analysis tool for finding DOM-XSS
Both in the traditional PC Web platform or mobile terminal platform, client-side or server-side, the JavaScript fairly good performance and reflect the rich framework to support, so it as a...
Penetration Testing in the Real World
A penetration test (pentest for short) is a method of attacking a computer’s systems in the hope of finding weaknesses in its security. If the pentest successfully gains access, it...
Using sqlmap with Google Dork for exploiting sql injection
Introduction sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a...
Vane: open source WordPress Vulnerability Scanning
Vane is a vulnerability scanner that scans WordPress for all webmasters to scan for WordPress vulnerabilities and find and fix problems before they go live. It is a great WordPress...
