oxshin.dev | LFI 101 - Basic Bypass Techniques | May 15, 2024 · 3 min read
1. Non-Recursive Path Traversal Filters. Detailed Example: Let's consider a vulnerable PHP script that attempts to filter ../ sequences: $language = str_replace('../', '', $_GET['language']); include('./languages/' . $language); If an attacker provides...

oxshin.dev | LFI 101 - Basic Vulnerabilities | May 13, 2024 · 5 min read
1. Introduction. Local File Inclusion (LFI) vulnerabilities are a common issue in web applications that dynamically load content based on user-supplied input. They allow an attacker to manipulate parameters to read the contents of local files on the s...

oxshin.dev | LFI 101 - Introduction of File Inclusion Vulnerabilities | May 9, 2024 · 3 min read
1. Introduction to File Inclusion Vulnerabilities. 1.1 What are File Inclusion vulnerabilities? Explanation: File Inclusion vulns allow an attacker to manipulate parameters to display the contents of local files on the server. Can lead to source code disclosure...

oxshin.dev | XSS 101 - Blind XSS Step By Step Guide | May 7, 2024 · 4 min read
Introduction: In this blog post, we'll walk through the process of exploiting a blind XSS vulnerability to steal cookies from a victim's browser. We'll use a real-world example to demonstrate each step, explaining which machine and IP address is invo...

oxshin.dev | XSS 101 - Prevention Techniques | May 6, 2024 · 3 min read
Frontend Prevention Techniques. Input Validation with JavaScript. Example: function validateEmail(email) { const re = /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([...