XML External Entity Injection
If you are already familiar with XML and DTD, feel free to skip to the fun part. What is XML? XML is shorthand for eXtensible Markup Language, a very simple but flexible text format used to share structured data electronically via the internet. XML is a markup language based on SGML, a language for describing other languages. How does it work? XML is very strict about formatting, meaning that if the formatting is off, programs that rely on it will return an error....
Unicode normalization vulnerabilities
What is Unicode? Unicode, or formally the Unicode Standard, is an information technology standard for the consistent encoding, representation, and handling of text expressed in most of the world’s writing systems. Representation For example, “A” is mapped to U+0041, and “a” is mapped to U+0061. Unicode characters exist from U+000000 to U+10FFFF (there are more than a million symbols). Unicode divides all these possible symbols into “planes”; the best known is the BMP (Basic Multilingual Plane), which goes from U+0000 to U+FFFF (it is Unicode plane number 1; there are 16 more, called “astral planes”)....
Bypassing file upload restrictions
Never trust user input! Introduction Uploaded files can pose a significant risk to web applications, which means file upload forms must be secured as tightly as possible. During penetration testing engagements, you may have seen unrestricted file uploads which can quickly grant you RCE, but it’s not always that easy. In some cases you have to bypass certain restrictions and trick the target application into uploading your malicious shell....
Simple Code Analysis
In today’s blog post I’ll be doing a simple source code analysis of a vulnerable web blog made by PentesterLab. It’s a basic PHP web app for learning white box testing, meaning that we have access to all of the source code. Analysis The first thing I’ll be looking into is the index.php file: <?php $site = "PentesterLab vulnerable blog"; require "header.php"; $posts = Post::all(); ?><div class="block" id="block-text"> <div class="secondary-navigation"> <div class="content"> <?php foreach ($posts as $post) { echo $post->render(); } ?...
My OSCP Experience
Introduction to “trying harder” How it all started When I was 14 years old, I was amazed by how hackers could do something which seems impossible to an average non-IT person. After some googling and researching, I found out about the OSCP certification, and after reading a bunch of reviews and experience stories about it, it seemed impossible for me to obtain it. I got so scared that I forgot about it completely and started learning web development....