Oct 9, 2025 · 4 min read · Introduction In this POC we are going to demostrate how to perform a fileless code injection into EQNEDT32.EXE (Microsoft Word Equation Editor) . We are going to use the unamer implementation (https://github.com/unamer/CVE-2017-11882 ) (605 bytes) to...
Join discussion
Aug 29, 2025 · 10 min read · If you haven’t lived under a rock or in Point Nemo, you must have heard about MCP servers and AI browsers. Uncle Ben once(always) said “With great power, comes great responsibility”. With AI and MCP servers’ great power, I think we are a little behin...
Join discussion
Aug 25, 2025 · 3 min read · Hello Friends It’s been two months since I took a break from bug bounty hunting. During that time, I graduated from university 🎓, recharged, and now I’m officially back in the game. And guess what? Within just a few days of returning, I landed a cri...
DHDipesh and 1 more commented
Jun 8, 2025 · 5 min read · We should now have a solid understanding of how command injection vulnerabilities occur and how certain mitigations like character and command filters may be passed. This section will discuss methods we can use to prevent command injection vulnerabil...
Join discussionMay 1, 2025 · 4 min read · What is NoSQL databases? NoSQL databases store and retrieve data in a format other than traditional SQL relational tables. They are designed to handle large volumes of unstructured or semi-structured data. As such they typically have fewer relational...
Join discussion
Apr 25, 2025 · 4 min read · If you’ve built an API with Node.js, chances are you’ve thought about security – at least a little. Maybe you’ve heard about SQL injection, brute force attacks, or data leaks. But here’s the thing: it’s not just about big hacks. Even small gaps in yo...
Join discussion
Apr 8, 2025 · 3 min read · Defination : When an attacker manipulates SQL queries within an application to interfere with database. This can lead to modify the database in unauthorized way. Types of SQL Injection : 1) Error Based SQL Injection : When user provide an Input to th...
Join discussion
Feb 11, 2025 · 5 min read · CRLF (Carriage Return Line Feed) injection is a type of attack that targets web applications through the manipulation of HTTP headers. The term “CRLF” refers to the characters used to mark the end of a line in HTTP requests and responses. These chara...
Join discussion
Dec 21, 2024 · 4 min read · La inyección SQL es una de las vulnerabilidades más comunes y peligrosas en aplicaciones web. En el caso de Oracle APEX (Application Express), aunque la plataforma ofrece protecciones integradas, también es posible que los desarrolladores introduzcan...
Join discussion
Oct 18, 2024 · 5 min read · API security is a critical aspect of building modern applications, especially as the threat landscape continues to evolve. Among the most common attack vectors targeting APIs are injection attacks, such as SQL injection and NoSQL injection. These att...
Join discussion