XML External Entity Injection

If you are already familiar with XML and DTD, feel free to skip to the fun part. What is XML? XML is short for eXtensible Markup Language, a simple but flexible text format used to exchange structured data over the internet. XML is a markup language based on SGML, a metalanguage for describing other markup languages. How does it work? XML is very strict about well-formedness: if the formatting is off, programs that rely on it will return an error rather than try to recover....
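Two of the points above, strict well-formedness and entities defined in a DTD, are easy to see with Python's built-in expat parser. The example below is mine, added here rather than taken from the post: it expands an internal entity, rejects a malformed document, and refuses to fetch an entity whose body lives outside the document (the shape an XXE probe takes). The sample documents and the `file:///etc/hostname` identifier are constructed for the demonstration. Expat itself never fetches external entities; it asks the application's `ExternalEntityRefHandler` to do it, so returning 0 there aborts the parse. In production code the usual answer is the `defusedxml` package, which applies the same idea to every stdlib parser.

```python
import xml.parsers.expat as expat

# Constructed sample documents (not from the original post).
WELL_FORMED = '<!DOCTYPE d [<!ENTITY greet "hello">]><d>&greet;</d>'
MALFORMED = "<d><item>unclosed</d>"
# The shape an XXE probe takes: an entity whose body is read from a URI.
XXE_SHAPED = '<!DOCTYPE d [<!ENTITY ext SYSTEM "file:///etc/hostname">]><d>&ext;</d>'


def parse_untrusted_xml(doc: str) -> dict:
    """Parse `doc` with expat: internal entities expand, external ones are refused.

    Returns a dict with
      ok       - True if the document parsed without error
      text     - concatenated character data of the document (when ok)
      external - (name, system_id) of every external entity declared in the DTD
      error    - the expat error message (when not ok)
    """
    chunks, external = [], []
    parser = expat.ParserCreate()
    parser.CharacterDataHandler = chunks.append

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # expat passes value=None for external entities: their content
        # would have to be fetched from system_id/public_id.
        if value is None:
            external.append((name, system_id))

    def refuse_external(context, base, system_id, public_id):
        # Returning 0 makes expat raise ExpatError instead of continuing.
        return 0

    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = refuse_external

    try:
        parser.Parse(doc, True)
    except expat.ExpatError as exc:
        return {"ok": False, "text": "", "external": external, "error": str(exc)}
    return {"ok": True, "text": "".join(chunks), "external": external, "error": None}


if __name__ == "__main__":
    for label, doc in (("well-formed", WELL_FORMED), ("malformed", MALFORMED), ("xxe-shaped", XXE_SHAPED)):
        print(f"{label:>11}: {parse_untrusted_xml(doc)}")
```

The `external` list is filled in while the DTD is read, before any reference is expanded, so an application can reject a document that merely declares an external entity without waiting to see whether it is used.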

December 28, 2021 · 8 min · Lazar

Unicode normalization vulnerabilities

What is Unicode? Unicode, formally the Unicode Standard, is an information technology standard for the consistent encoding, representation, and handling of text expressed in most of the world’s writing systems. Representation. For example, “A” is mapped to U+0041 and “a” is mapped to U+0061. Code points run from U+0000 to U+10FFFF (1,114,112 of them, so more than a million). Unicode divides this range into 17 “planes”; the best known is the BMP (Basic Multilingual Plane), plane 0, which covers U+0000 to U+FFFF. The other 16 are the supplementary planes, informally called “astral planes”....
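To connect the code-point layout above with the vulnerability class in the title, here is an added example of mine (not code from the post). It computes the plane of a code point, then shows the classic normalization bug: a filter that inspects the raw input while the application later normalizes it with NFKC, so fullwidth look-alikes such as “＜ｓｃｒｉｐｔ＞” pass the check and only become `<script>` afterwards. The blocklist, the `vulnerable_handle`/`hardened_handle` names and the sample payloads are constructed for the demonstration.

```python
import unicodedata

# Constructed sample inputs (not from the original post). Fullwidth forms look
# like ASCII but are different code points, so a naive substring check misses
# them; NFKC compatibility normalization folds them back to ASCII.
FULLWIDTH_SCRIPT_TAG = "\uff1c\uff53\uff43\uff52\uff49\uff50\uff54\uff1e"  # ＜ｓｃｒｉｐｔ＞
FULLWIDTH_DOT_DOT_SLASH = "\uff0e\uff0e\uff0f"                              # ．．／
FULLWIDTH_ADMIN = "\uff41\uff44\uff4d\uff49\uff4e"                          # ａｄｍｉｎ
KELVIN_SIGN = "\u212a"  # K: a singleton that even NFC turns into plain "K"

# Hypothetical deny-list of the kind a naive input filter might use.
BLOCKLIST = ("<script", "../", "admin")


def plane(cp: int) -> int:
    """Unicode plane of a code point: 0 is the BMP, 1..16 are the supplementary ('astral') planes."""
    if not 0 <= cp <= 0x10FFFF:
        raise ValueError(f"not a Unicode code point: {cp:#x}")
    return cp >> 16


def describe(s: str) -> list:
    """Per-character (U+XXXX, plane, name) triples, to see what a filter actually received."""
    return [(f"U+{ord(c):04X}", plane(ord(c)), unicodedata.name(c, "<unnamed>")) for c in s]


def nfkc(s: str) -> str:
    return unicodedata.normalize("NFKC", s)


def contains_blocked(s: str) -> bool:
    return any(bad in s.lower() for bad in BLOCKLIST)


def vulnerable_handle(user_input: str):
    """Validate the raw string, then normalize it for storage/use.

    Because normalization runs after the check, fullwidth look-alikes pass
    validation and only turn into the blocked ASCII afterwards."""
    if contains_blocked(user_input):
        return None
    return nfkc(user_input)


def hardened_handle(user_input: str):
    """Normalize first, then validate the canonical form that will actually be used."""
    canonical = nfkc(user_input)
    if contains_blocked(canonical):
        return None
    return canonical


if __name__ == "__main__":
    for payload in (FULLWIDTH_SCRIPT_TAG, FULLWIDTH_DOT_DOT_SLASH + "etc/passwd", FULLWIDTH_ADMIN):
        print(describe(payload)[0], "->", repr(vulnerable_handle(payload)), "vs", repr(hardened_handle(payload)))
```

The fix is not "never normalize" but "normalize once, up front, and validate the same string you go on to use"; the Kelvin sign shows that even canonical (NFC) normalization, not only compatibility (NFKC), can change a character's identity.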

September 30, 2021 · 4 min · Lazar

Bypassing file upload restrictions

Never trust user input! Introduction. Uploaded files pose a significant risk to web applications, so file upload forms have to be locked down with particular care. During penetration testing engagements you may have seen unrestricted file uploads that quickly grant you RCE, but it is not always that easy. In some cases you have to bypass certain restrictions and trick the target application into accepting your malicious shell....

August 4, 2021 · 4 min · Lazar