Exploiting pChart 2.1.3 (Directory traversal & XSS)

The PHP library pChart 2.1.3 (and possibly previous versions) by default ships with an examples folder in which the application is vulnerable to Directory Traversal and Cross-Site Scripting (XSS). This has been taken from https://www.exploit-db.com/exploits/31173. Exploiting Directory Traversal: 1. Visiting the application at http://192.168.0.18/pChart2.1.3/examples/index.php, we get to the examples folder. 2. This tool Read more…

SMTP Injection attack

Mail Command Injection is an attack technique used to exploit mail servers and webmail applications that construct IMAP/SMTP statements from user-supplied input that is not properly sanitized. SMTP injection is the variant that injects attacker-controlled SMTP commands into the data transmitted from an application (typically a web application) to an SMTP server Read more…

Server-side HTTP Redirection

Server-side redirection vulnerabilities arise when an application takes user-controllable input and incorporates it into a URL that it then retrieves using a back-end HTTP request. Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a Read more…

Basics of Path Traversal

Directory traversal (also known as file path traversal) is a web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application. This might include application code and data, credentials for back-end systems, and sensitive operating system files. In some cases, an attacker Read more…

Basic Command injection

Command injection is one of the OWASP Top 10 vulnerabilities. It is an attack in which arbitrary commands of the host OS are executed through a vulnerable application. The attack is possible when a web application passes unsafe user data to a system shell function within the running script. This user Read more…

Blind SQL injection

Blind SQL injection arises when an application is vulnerable to SQL injection, but its HTTP responses do not contain the results of the relevant SQL query or the details of any database errors. With blind SQL injection vulnerabilities, many techniques such as UNION attacks are not effective, because they rely Read more…

Access control RFI & Reading file function exploitation + reverse shell with Mutillidae and BurpSuite

This time we will be exploring RFI and the read-file function: https://wiki.owasp.org/index.php/Testing_for_Remote_File_Inclusion. RFI: Remote file inclusion allows an attacker to include a remote file (from the web server's point of view), possibly allowing code execution, denial of service, and data disclosure. Since RFI occurs when paths passed to "include" statements are Read more…

Attacking & Securing Session Management

I am writing this based on OWASP and the book "The Web Application Hacker's Handbook": https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html. Introduction: The HTTP protocol is essentially stateless. It is based on a simple request-response model, in which each pair of messages represents an independent transaction. Applications use HTTP cookies as the transmission mechanism for Read more…