Articles


CSRF: Cross-site Request Forgery

Cross-site Request Forgery, often abbreviated to CSRF and often pronounced “Sea-Surf”, is an attack against a web application that abuses the application’s trust in the user’s browser and the credentials (session cookie, HTTP auth) it attaches automatically. A threat actor’s aim is to cause a state-changing function to execute on the application with the user’s authentication credentials, simply by causing the user’s browser to ...

HTML5: Cross Origin Resource Sharing (CORS) Vulnerabilities

By default the Same-Origin Policy (SOP) won’t let script on one origin read responses from another, but as applications scale up there may be a legitimate requirement for exactly that kind of cross-origin access. Think of companies such as Google, which also owns YouTube, or Microsoft, which also owns Outlook and Skype. They may well ...

HTML5: Cross Domain Messaging (PostMessage) Vulnerabilities

HTML5 postMessage (also known as Web Messaging or Cross Domain Messaging) is a method of passing arbitrary data between origins. If not implemented correctly it can lead to sensitive information disclosure or cross-site scripting, because origin validation is left entirely to the developer: the receiving page must check event.origin itself, and the sending page must choose a targetOrigin. Pages can send messages with ...

Web Application Defence: Filtering User Input

Effectively filtering user input is one of the best ways to prevent a large proportion of web application vulnerabilities. There are several ways to approach this, each with its own pros and cons, so I’ll run through them here and then you can think of the best way to combine ...

Spoofing Packets and DNS Exfiltration

Following a successful compromise during a penetration test, you may have large amounts of data to exfiltrate from an environment specifically hardened to make exfiltration difficult. For example, the network might have a firewall that explicitly blocks the common exfiltration channels, such as SSH, HTTPS and HTTP. It is common that ...

An Introduction to PenTesting Azure

I recently wrote an introduction to PenTesting an AWS environment. That was a sensible place to start given that, as I noted there, in Q1 of 2018 Amazon held a 33% market share in cloud whereas Microsoft held only 13%. However, I did want to add a few notes that are specific to PenTesting ...

MySQL Injection Cheat Sheet

# Comments
#
/* Comment */
-- -
;%00

# Version
SELECT VERSION();
SELECT @@VERSION;
SELECT @@GLOBAL.VERSION;

# User details
user()
current_user()
system_user()
session_user()
SELECT user, password FROM mysql.user;   (on MySQL 5.7 and later the hash column is authentication_string)

# Database details
SELECT database();
SELECT schema_name FROM information_schema.schemata;

# Database credentials
SELECT host, user, password FROM mysql.user;

# Server ...

MSSQL Injection Cheat Sheet

# Comments
/* Comment */
-- -

# Version
SELECT @@VERSION;

# User details
SELECT CURRENT_USER;
SELECT SUSER_NAME();
SELECT SYSTEM_USER;

# Database details
SELECT db_name();

# Database credentials   (password_hash is only populated for logins holding CONTROL SERVER-level permission)
SELECT name, password_hash FROM master.sys.sql_logins;
SELECT name + '-' + master.sys.fn_varbintohexstr(password_hash) FROM master.sys.sql_logins;

# Server details
SELECT host_name();

# Table Name
SELECT name ...

Strong Passwords: The Problem with Rotation

Password rotation has previously been included in best-practice guides as a way of minimising the risk that a compromised password is still valid at the time a threat actor attempts to use it. More recent research indicates that enforcing password rotation is linked to an increased risk of weak passwords, due ...
