BetterZip – from XSS to any code execution

XSS (Cross-Site Scripting) is one of the most popular vulnerabilities in the world of web applications. On the OWASP TOP 10 list it has been ranked first in terms of popularity for many years. Until now, XSS has usually been identified only in the world of browsers. However, due to the fact that HTML and …

How to take over the CCTV camera

This time, we take a look at the Ganz Security camera, model ZN-M2F (priced at about $650). We were able to get root privileges without authentication. Ganz Security? This is a company known in the West: The Ganz brand is currently used by more than 100,000 businesses and research and development institutions in the …

What is Path Traversal vulnerability?

Path Traversal attacks are possible when a vulnerable application allows uncontrolled access to files and directories to which the user should not normally have access. The attack vector is the parameters passed to the application that represent paths to resources on which specific operations are to be performed – reading, writing, listing the contents of the …

Testing applications for Android: analysis and changing the way applications work by using the Frida framework

What is Frida? Frida, as the website of this project says, is a world-class dynamic instrumentation framework. To simplify: a framework that will allow us to inject our own code into a working process (it can be a process on Android, but it also supports iOS, Windows, Linux or macOS), and then to control this …

Security problems of Apache Cordova – steal the entire contents of the phone’s memory card with one XSS

There are many different technologies available on the mobile market that allow you to create applications. One of them – Apache Cordova – allows you to write applications in JavaScript and HTML. Applications created in this way are easy to distribute, and their operation does not differ from native applications written in Java or C. …

DoS attack on applications – through regular expressions

The American programmer, Jamie Zawinski, once said, “Some people, when they encounter a problem, think to themselves, ‘I know! I will use regular expressions.’ And now they have two problems.” In this article, we’ll see how true these words are if the regular expression has been written incorrectly, allowing a Denial-of-Service attack to be launched on …

Unordinary methods used in phishing attacks

Introduction: In recent years, phishing has evolved considerably. The emergence of many new techniques – and therefore the modification of available solutions – has taken this type of attack to a higher level. Attackers increasingly use e-mail, websites or private messages in instant messengers to distribute it. In this article I will try to …

LDAP injection vulnerability – definitions, examples of attacks, methods of protection

What is LDAP? Lightweight Directory Access Protocol (LDAP) is a protocol that allows the exchange of information using the TCP/IP protocol. It is intended for use with directory services, i.e., object-oriented databases representing network users and resources. LDAP is widely used in many services, of which Microsoft’s Active Directory is probably the best known. LDAP …

X-Forwarded-For header – security problems…

The X-Forwarded-For (XFF) HTTP header was originally introduced by a team of developers responsible for developing the Squid server as a method of identifying the original IP address of the client that connects to the web server through another proxy server or load balancer. Without using XFF or any other similar technique, any proxy connection would …

Reading Data Stored on Contactless Payment Cards

Do you know how to easily read your credit card details? You probably do, because for a few years now, a simple phone with an NFC reader has been enough to do this. On the market we can choose from many applications for different platforms that offer such a possibility. Today we will compare which …

Automatic Analysis of Malicious Software Using SysAnalyzer

Beginning: SysAnalyzer is an application (or rather a set) that allows for quick analysis of malware by observing its activities in different stages of the system. Before starting the “malicious sample”, the software creates a snapshot of the current state of our environment, which, after starting the malware, is the basis for determining changes in …

A few words about the implementation of SSL and TLS – part I

SSL / TLS is a seemingly simple technique that ensures, among other things, protection of data. It guarantees the confidentiality of data transmission over the internet, while maintaining the simplicity of installation and operation—apart from situations when it is not. At the end of 2014, the giant from Mountain View, Google, reported that sites using …

WebSocket protocol security in practice

The dynamic development of web applications leads to a situation in which, for some time now, there has been a demand for the introduction of asynchronous data exchange between the client and the application server. The commonly used HTTP protocol is stateless, based on the query sent to the server and the answer given – …