SMTP Injection attack

Mail Command Injection is an attack technique used to exploit mail servers and webmail applications that construct IMAP/SMTP statements from user-supplied input that is not properly sanitized. SMTP injection is an attack technique that injects attacker-controlled SMTP commands into the data transmitted from…

Server-side HTTP Redirection

Server-side redirection vulnerabilities arise when an application takes user controllable input and incorporates it into a URL that it retrieves using a backend HTTP request. Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could…

Basics of Path Traversal

Directory traversal (also known as file path traversal) is a web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application. This might include application code and data, credentials for back-end systems,…

Basic Command injection

Command injection is one of the OWASP Top 10 vulnerabilities. It is an attack in which arbitrary commands of the host OS are executed through a vulnerable application. The attack is possible when a web application sends unsafe user data to…

Basic XPath Injection

XPath Injection attacks occur when a web site uses user-supplied information to construct an XPath query for XML data. XPath is a standard language. When using XML for a web site it is common to accept some form of input…

Blind SQL injection

Blind SQL injection arises when an application is vulnerable to SQL injection, but its HTTP responses do not contain the results of the relevant SQL query or the details of any database errors. With blind SQL injection vulnerabilities, many techniques…

Bypass 30X redirect with BurpSuite

The HTTP response status code 302 Found is a common way of performing URL redirection. Permanent redirections: these redirections are meant to last forever. They imply that the original URL should no longer be used and should be replaced with the new…

Reverse shell on any CMS

This trick works on any CMS you have access to, in case you get the credentials by brute force, disclosure, etc. This example uses Joomla! CMS. Hacking steps: 1. Having access to the account and being able to edit the template…

Testing LFI to RCE using auth.log (SSH) poisoning with Mutillidae & BurpSuite

https://wiki.owasp.org/index.php/Testing_for_Local_File_Inclusion The File Inclusion vulnerability allows an attacker to include a file within the system; this happens due to bad handling of user input. Local File Inclusion (also known as LFI) is the process of including files that are already…

Access control RFI & Reading file function exploitation + reverse shell with Mutillidae and BurpSuite

This time we will be exploring RFI and the read-file function. https://wiki.owasp.org/index.php/Testing_for_Remote_File_Inclusion RFI (Remote File Inclusion) allows an attacker to include a remote file (from the web server's point of view), possibly allowing code execution, denial of service, and data disclosure.…

Access control: Account hijacking with Mutillidae

This happens when a cyber-criminal controls somebody else's account by using their credentials (session ID, username, number, etc.). In this example I will demonstrate this technique using Mutillidae: we'll create 2 accounts and hijack one of them. OWASP 2017 - "A5 - Broken…

Session Management DVWA

Log in to DVWA with admin/password. Session IDs have 4 levels (low, medium, high, impossible). We will first inspect the low one, so set the level to low. Low: this script is very basic and insecure, due to the session ID…

Attacking & Securing Session Management

I am writing this based on OWASP and the book "The Web Application Hacker's Handbook". https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html Introduction: The HTTP protocol is essentially stateless. It is based on a simple request-response model, in which each pair of messages represents an independent…

Testing Web application authentication tips

This is a summary of some tips from "The Web Application Hacker's Handbook" to test authentication mechanisms, as well as recommendations for securing them. I think that book is a great resource for learning web app pentesting. Brute-Forcible Login 1.…

Advanced SQL Injection: Union based

When an application is vulnerable to SQL injection and the results of the query are returned within the application's responses, the UNION keyword can be used to retrieve data from other tables within the database. This results in an SQL…

Basics of SQL Injection

Basics of SQL for SQL Injection. In this tutorial we will discuss some basics of SQL queries and concentrate on the queries and basics which will help us during the different phases of injection. This will be like a crash course of…