[SQL injection] Some technique to bypass WAF
This article is a summary of the WAF around the various methods, we can use the following methods in the test WAF bypass, I hope to help everyone. URL encode original payload: ?id=1 union...
This article is a summary of the WAF around the various methods, we can use the following methods in the test WAF bypass, I hope to help everyone. URL encode original payload: ?id=1 union...
by do son · Published February 18, 2017 · Last modified October 10, 2021
On previous post, I did Intelligence Gathering phase. After gathering target info, i need to do Vulnerability Scanning. Run Auto-WebApp-PenTest.sh script, choose option 2 All tools on this option will use “result.txt” file that you found...
Hi all, A penetration test (pentest for short) is a method of attacking a computer’s systems in the hope of finding weaknesses in its security. If the pentest successfully gains access, it shows that...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published February 13, 2017 · Last modified July 28, 2017
XPath Injection Similar to SQL injection, XPath injection occurs when the site uses the information entered by the user to construct the request for XML data. An attacker sends specially constructed information to the...
Table of contents Chapter I::: SQL Injection: What is it? SQL Injection: An In-depth Explanation Why is it possible to pass SQL queries directly to a database that is hidden behind a firewall and...
XSS Attack is the principle of the attacker will be malicious code implanted into the page, resulting in the user browsing the page will be in the trick! XSS can: Steal user, administrator session to...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published January 2, 2017 · Last modified February 6, 2018
The web application uses templates to make the web pages look more dynamic. Server Side Template Injection occurs when user input is embedded in a template in an unsafe manner. However, in the initial...
Metasploit / Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published January 2, 2017 · Last modified July 27, 2017
Introduce The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its best-known sub-project is the open source[2] Metasploit Framework, a...
Web Exploitation / Web Maintaining Access / WebApp PenTest
by do son · Published December 27, 2016 · Last modified September 1, 2017
File upload vulnerability is when the user uploads an executable script file, and through the script file to obtain the ability to execute server-side commands. This attack is the most direct and effective, and...
Web Exploitation / WebApp PenTest
by do son · Published December 25, 2016 · Last modified October 10, 2021
Introduce The PUT method requests that the enclosed entity be stored under the supplied Request-URI. If the Request-URI refers to an already existing resource, the enclosed entity SHOULD be considered as a modified version...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published December 24, 2016 · Last modified July 28, 2017
Burp Suite is an integrated platform for attacking web applications. It contains a number of tools, and for these tools to design a number of interfaces to accelerate the process of attacking the application...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published December 22, 2016 · Last modified December 12, 2017
Introduce Cross-site request forgery [CSRF], also known as a one-click attack or session riding or Sea-Surf and abbreviated as CSRF or XSRF, is a type of malicious attack exploit of a website (“Web Application”);...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published December 21, 2016 · Last modified February 9, 2018
Both in the traditional PC Web platform or mobile terminal platform, client-side or server-side, the JavaScript fairly good performance and reflect the rich framework to support, so it as a mainstream development language has...
Exploitation / Information Gathering / Maintaining Access / Network PenTest / Post Exploitation / Vulnerability Analysis / Web Exploitation / Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published December 21, 2016 · Last modified August 1, 2017
A penetration test (pentest for short) is a method of attacking a computer’s systems in the hope of finding weaknesses in its security. If the pentest successfully gains access, it shows that computer functionality...
Web Exploitation / WebApp PenTest
by do son · Published December 13, 2016 · Last modified February 12, 2018
Introduction sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many...