Tagged Questions
-2
votes
1 answer
37 views
Trying to replicate request for CSRF exploit
I'm trying to create a CSRF exploit on this application, but I simply can't figure out how the request is made. I've monitored the requests with tamper data, live http headers, fiddler, and burp ...
3
votes
4 answers
157 views
Open exploits database, with structured data (CMS name, version, etc.)
For a web security app I'm working on, I want to list all the exploits that a certain WordPress version has (and hopefully the same for other CMSs).
I found some (open) exploits databases that list ...
2
votes
2 answers
351 views
how to bypass “header” in php
While reading an article I encountered an interesting thing I did not know about:
if(!isset($_SESSION['usr_id']) || !isset($_SESSION['usr_name']))
{
header('Location: index.php');
}
...Which ...
25
votes
6 answers
1k views
Is there a difference between GET and POST for web application security?
I have 2 choices in sending data between 2 web applications.
I encode the data in Base64 and append to the URL and retrieve these parameters at my destination application and decode the parameters.
...
3
votes
1 answer
199 views
How did the Tumblr worm spread?
Recently Tumblr was hit by a fast-spreading worm.
How did the worm work? What was the vulnerability in Tumblr that it exploited? Did it exploit an XSS vulnerability in Tumblr? A CSRF vulnerability ...
1
vote
2 answers
270 views
DVWA vulnerability list or guide?
Is there a list of vulnerabilities for DVWA? I cannot seem to find a vulnerability list or guide.
By guide I mean an exhaustive list of vulnerabilities to work through.
2
votes
1 answer
130 views
Is it safe to invoke PHP GD functions if you don't know whether file is a valid image?
There is an image upload function in a web application. After an image is uploaded, it's resized using functions from PHP GD like imagecopyresampled and others. Before invocation of PHP GD's functions there ...
4
votes
2 answers
223 views
Does anyone know about how LinkedIn was compromised?
I know some super basic stuff about website security (e.g. using HTTPS, escaping user input), but hearing about high profile sites getting compromised makes me wonder in what way they were broken ...
1
vote
1 answer
301 views
Lots of 'unidentified exploits' detected with w3af
I've been running some scans across a few different networks and on certain sites I will get a flag about an unidentified exploit in the log. When I review what the exploit is, most of the time it's a ...
3
votes
3 answers
6k views
How can I use this path bypass/exploit Local File Inclusion?
I have tried to run a vulnerability scanning script (Uniscan 6.0) on some websites and then I found a site which is exploitable with the following path. (included a word "invalid", params/website ...
5
votes
3 answers
2k views
Is it possible to inject HTML into image to provoke XSS?
Some answers mention that it's possible to inject attacker-controlled HTML into images and therefore provoke XSS.
I guess that this HTML will be processed by the browser only if a hole exists in the browser. ...
6
votes
3 answers
1k views
Where can I find exploit code?
I am doing VA/PT on a sample web application. I ran the Nessus scanner and I found some high severity problems. It is related to HP System Management Homepage. The CVE numbers are:
2010-1917,
...