Tag feed

#command-injection

24 posts1 followers

Trending tags this week

HackTheBox - TwoMillion: A Complete Walkthrough

May 27 · 5 min read · Overview TwoMillion is a nostalgic HackTheBox machine themed around the old HTB platform. The attack chain involves reverse-engineering obfuscated JavaScript to discover invite code logic, abusing a b

Join discussion

MNMilan Nikicsecuritydepth.hashnode.dev

0

OS Command Injection: Security Architect's Perspective (Part 2)

May 11 · 22 min read · In Part 1 of this series, we cover OS command injection vulnerabilities from a developer's perspective. We looked at secure coding approaches with ProcessBuilder, whitelist-based validation strategies

Join discussion

MNMilan Nikicsecuritydepth.hashnode.dev

0

OS Command Injection in Java: Secure Coding Patterns (Part 1)

May 5 · 19 min read · There are times when using the Java APIs is simply not sufficient. Video processing using FFmpeg, obtaining EXIF information, integrating with legacy tools – all of these are valid reasons for accessi

Join discussion

SSl4cK0THz2r.zor0ark.me

0

WebVersePro Labs - Labs: NewsForge Writeup (Command Injection)

May 5 · 6 min read · Challenge Link: https://dashboard.webverselabs-pro.com/labs/newsforge Introduction Welcome back to another CTF writeup, we are tackling NewsForge, an easy-level web challenge from the WebVersePro Lab

Join discussion

WBWiktoria Blomgren Strandbergpentesting-dvwa.hashnode.dev

0

API Security in DVWA

Mar 21 · 29 min read · 1 Introduction In this post, the API Security vulnerability in the Damn Vulnerable Web Application (DVWA) is described. The objective for attacks across all security levels is to exploit weaknesses in

Join discussion

TBTaha Benahmaditahaben.hashnode.dev

0

OS command injection

Mar 10 · 2 min read · OS command injection What is command injection? Command injection is a vulnerability that allows an attacker to execute operating system (OS) commands on the server that is running an application. A s

Join discussion

RRridesh raju bijwerideshcyber.hashnode.dev

0

SOC168 – Whoami Command Detected in Request Body Walkthrough (EventID:118)

Feb 28 · 4 min read · A Command Injection Investigation | LetsDefend SOC Lab Today’s alert immediately caught my attention: Whoami Command Detected in Request Body At first glance, it may look like a harmless Linux command

Join discussion

AMAmr Mohammedamrmoadel.hashnode.dev

0

Cyclic Scanner - Android Service Exploitation Walkthrough

Feb 23 · 6 min read · Overview The lab description makes one thing very clear: this challenge is about exploiting an Android Service to achieve RCE. There is no confusion about the goal, and there is no need to explain wha

Join discussion

ZOZeroTrust Opsnavyacyber.hashnode.dev

0

Day 15: Web Attack Forensics – Drone Alone

Dec 31, 2025 · 2 min read · The Mission: Decoding the Drone Disturbance The town's drone scheduler started behaving erratically, receiving strange, unusually long HTTP requests containing Base64 chunks. The goal for this "Boss Rush" stage was to act as a Blue Teamer (defender) ...

Join discussion

PPwniversepwniverse.hashnode.dev

0

CVE-2022-31814 - pfSense Unauthenticated Remote Code Execution in pfBlockerNG Package

Oct 2, 2025 · 1 min read · Vulnerability Command injection vulnerability exists in index.php of pfBlockerNG. Host header, which is user input, is entered into exec. <?php /* index.php pfBlockerNG (DNSBL) Copyright (c) 2015-2016 BBcan177@gmail.com All rights re...

Join discussion

#command-injection

Search Hashnode

#command-injection

Trending tags this week

HackTheBox - TwoMillion: A Complete Walkthrough

OS Command Injection: Security Architect's Perspective (Part 2)

OS Command Injection in Java: Secure Coding Patterns (Part 1)

WebVersePro Labs - Labs: NewsForge Writeup (Command Injection)

API Security in DVWA

OS command injection

SOC168 – Whoami Command Detected in Request Body Walkthrough (EventID:118)

Cyclic Scanner - Android Service Exploitation Walkthrough

Day 15: Web Attack Forensics – Drone Alone

CVE-2022-31814 - pfSense Unauthenticated Remote Code Execution in pfBlockerNG Package