Web Information Gathering / Web Vulnerability Analysis
by do son · Published December 2, 2016 · Last modified December 3, 2023
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and...
Hi all, A penetration test (pentest for short) is a method of attacking a computer’s systems in the hope of finding weaknesses in its security. If the pentest successfully gains access, it shows that...
by do son · Published February 18, 2017 · Last modified October 10, 2021
On previous post, I did Intelligence Gathering phase. After gathering target info, i need to do Vulnerability Scanning. Run Auto-WebApp-PenTest.sh script, choose option 2 All tools on this option will use “result.txt” file that you found...
Web Exploitation / WebApp PenTest
by do son · Published December 25, 2016 · Last modified October 10, 2021
Introduce The PUT method requests that the enclosed entity be stored under the supplied Request-URI. If the Request-URI refers to an already existing resource, the enclosed entity SHOULD be considered as a modified version...
XSS Attack is the principle of the attacker will be malicious code implanted into the page, resulting in the user browsing the page will be in the trick! XSS can: Steal user, administrator session to...
This article is a summary of the WAF around the various methods, we can use the following methods in the test WAF bypass, I hope to help everyone. URL encode original payload: ?id=1 union...
Web Exploitation / WebApp PenTest
by do son · Published December 13, 2016 · Last modified February 12, 2018
Introduction sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published December 21, 2016 · Last modified February 9, 2018
Both in the traditional PC Web platform or mobile terminal platform, client-side or server-side, the JavaScript fairly good performance and reflect the rich framework to support, so it as a mainstream development language has...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published January 2, 2017 · Last modified February 6, 2018
The web application uses templates to make the web pages look more dynamic. Server Side Template Injection occurs when user input is embedded in a template in an unsafe manner. However, in the initial...
Metasploit / Web Exploitation / WebApp PenTest
by do son · Published November 28, 2016 · Last modified January 12, 2018
Introduction Apache Axis2™ is a Web Services / SOAP / WSDL engine, the successor to the widely used Apache Axis SOAP stack. There are two implementations of the Apache Axis2 Web services engine –...
