shizz3r IT tech blog

  Introduction Hello Guys! In the fifth post of the penetration testing series, I would like to show you the solution to the SQL Injection lab from the INE free course. But as always, before going into breaking into the web app it's important to understand what the SQL Injection vulnerability really is.  As the name suggests, when a web application is vulnerable to SQL Injection, the attacker can send queries to the back-end database and talk with it.  That's why this vulnerability is really dangerous. Imagine that an attacker found an input field that is vulnerable to SQLi. When this happens it can for example fetch all user's credentials saved inside the database. But there are as many dangers as the number of queries that can be possibly constructed and sent to a database! Another scary example that comes to my mind is the possibility of removing the whole database! As you can see SQL Injection vulnerability is dangerous and as a pentester, you have to check if the tes...

  Introduction Hello everyone! Finally, it's time for the first serious web application attack and its name is XSS . This approach to breaking into the application is very smart. I mean, the idea behind Cross-Site Scripting  is code injection. It works this way - every time we see an input field with a result printing on the screen we should check this field if it is safe from the XSS vulnerability. Take a look at this simple example of how XSS works and we will be good to go with the lab. Here is the basic website that takes the input from the form and prints the "Hello <value from form>" statement. Look: Let's think for a moment about how this trivial application prints the set of characters dynamically. Most likely it takes the input from the input field and pastes it to the print PHP function. The "hello" string will be put into the HTML code that is sent from the server to the client. Here is how the source of the application looks like: It's ...

Introduction Hello guys! Today it's time for another lab from the INE free course about penetration testing. This challenge is based on the Dirbuster tool that I'm gonna learn. As far as I know, this program is capable of finding hidden resources that reside on a web server. From a penetration tester point of view, such findings are interesting because they can have serious security holes. Imagine that a programmer decided not to publish a testing part of its web application. It means that he or she hid some resource and it's not available through any browser. In that case, the Dirbuster  is probably the best choice for finding this resource. It can do it in two ways - using brute-force  or dictionary attack. There are pros and cons to each of these approaches. For example, when we are using a brute-force type of attack we can be sure that the tool will not avoid any set of characters and it will try to find exactly each option. But on the other side, this approach is very ...