Posts

Showing posts from February, 2016
Image
CSRF Demo: CSRF in HTML requests.

SSI - Server Side Includes attack

Image
The Server-Side Includes attack allows the exploitation of a web application by injecting scripts in HTML pages or executing arbitrary codes remotely. It can be exploited through manipulation of SSI in use in the application or force its use through user input fields. Refer below Video for Exploit demo: In this video, NETCAT is used to take Reverse Shell by exploiting SSI. Reference: http://www.javascriptkit.com/howto/ssi.shtml https://httpd.apache.org/docs/2.4/howto/ssi.html https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection http://www.freewebmasterhelp.com/tutorials/ssi

CWE vs CVE

CWE: The Common Weakness Enumeration (CWE) is a formal list of software weakness types created to Serve as a common language for describing software security weaknesses in architecture, design, or code.  Reference: http://cwe.mitre.org/about/index.html   CVE: CVE is a list of information security vulnerabilities and exposures that aims to provide common names for publicly known problems. Reference: http://cve.mitre.org/about/terminology.html http://cve.mitre.org/about/index.html Difference (CWE vs CVE): Software vulnerability is a collection of one or more weaknesses that contain the possible way for an attacker to perform unintended behavior. So a weakness is a patterns or behaviors, a group of weakness or a single weakness may help to perform unintended behavior. In other word, When the weakness can be used by an attacker against the software then that's a vulnerability. For example , If an address parameter in register page is not properly valid...