May 15, 2024 · 3 min read · 1. Non-Recursive Path Traversal Filters Detailed Example Let's consider a vulnerable PHP script that attempts to filter ../ sequences: $language = str_replace('../', '', $_GET['language']); include('./languages/' . $language); If an attacker provide...
Join discussionMay 13, 2024 · 5 min read · 1. Introduction Local File Inclusion (LFI) vulnerabilities are a common issue in web applications that dynamically load content based on user-supplied input. They allow an attacker to manipulate parameters to read the contents of local files on the s...
Join discussion
May 9, 2024 · 3 min read · 1. Introduction to File Inclusion Vulnerabilities 1.1 What are File Inclusion vulnerabilities? Explanation: File Inclusion vulns allow attacker to manipulate parameters to display contents of local files on server Can lead to source code disclosure...
Join discussion
May 7, 2024 · 4 min read · Introduction: In this blog post, we'll walk through the process of exploiting a blind XSS vulnerability to steal cookies from a victim's browser. We'll use a real-world example to demonstrate each step, explaining which machine and IP address is invo...
Join discussion
May 6, 2024 · 3 min read · Frontend Prevention Techniques Input Validation with JavaScript Example: function validateEmail(email) { const re = /^(([^<>()[\\]\\\\.,;:\\s@"]+(\\.[^<>()[\\]\\\\.,;:\\s@"]+)*)|(".+"))@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\])|(([...
Join discussion