Collision Based Hashing Algorithm Disclosure This detailed article explains how you can use the Collision Based Hashing Algorithm Disclosure method to check whether the target web application hashes its users' passwords with SHA-1, a weak algorithm for which public collisions exist.
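The check itself, as an added example that is not code from the article or from Netsparker: register an account with one half of a public collision pair, then log in with the other half. It generalizes from SHA-1 to any hash with a published collision; because the two SHAttered SHA-1 PDFs are roughly 400 KB each, the 128-byte MD5 collision pair published by Wang et al. stands in for them here. The target application, the hashing schemes it might use and the salt value are all hypothetical.

```python
import hashlib

# Publicly known MD5 collision pair (Wang et al., 2004): two different 128-byte
# messages with the same MD5 digest. Constructed stand-in for the SHAttered
# SHA-1 pair; the probe logic does not depend on which pair is used.
BLOCK_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
BLOCK_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)


class MockApp:
    """Hypothetical target: a registration and login endpoint backed by a
    pluggable password-hashing function (stands in for the real HTTP app)."""

    def __init__(self, hasher):
        self.hasher = hasher
        self.users = {}

    def register(self, username, password):
        self.users[username] = self.hasher(password)

    def login(self, username, password):
        stored = self.users.get(username)
        return stored is not None and stored == self.hasher(password)


# Candidate password-hashing schemes the target might use (all hypothetical).
SALT = b"per-user-salt"


def unsalted_md5(pw):
    return hashlib.md5(pw).hexdigest()


def suffix_salted_md5(pw):
    # Salt appended: md5(A||S) == md5(B||S) still holds for an identical-prefix
    # collision, because both messages reach the same chaining value before S.
    return hashlib.md5(pw + SALT).hexdigest()


def prefix_salted_md5(pw):
    # Salt prepended: the collision blocks no longer start from MD5's fixed IV,
    # so the published pair no longer collides.
    return hashlib.md5(SALT + pw).hexdigest()


def unsalted_sha256(pw):
    return hashlib.sha256(pw).hexdigest()


def truncating_sha256(pw):
    # Hashes only the first 16 bytes (think of a password length cap). The two
    # blocks share their first 19 bytes, so this looks like a collision.
    return hashlib.sha256(pw[:16]).hexdigest()


def collision_probe(app, block_a=BLOCK_A, block_b=BLOCK_B, username="probe"):
    """Register with one half of the pair, log in with the other.
    Returns 'collision', 'truncation' or 'no-collision'."""
    app.register(username, block_a)
    if not app.login(username, block_b):
        return "no-collision"
    # Control: shares the pair's common prefix but is not a collision partner.
    # If it also logs in, the app is discarding the tail of the password, which
    # would otherwise be reported as a false positive.
    control = block_a[:-1] + bytes([block_a[-1] ^ 0x01])
    if app.login(username, control):
        return "truncation"
    return "collision"


def run_probes():
    """Run the probe against every candidate scheme; returns name -> verdict."""
    schemes = {
        "unsalted_md5": unsalted_md5,
        "suffix_salted_md5": suffix_salted_md5,
        "prefix_salted_md5": prefix_salted_md5,
        "unsalted_sha256": unsalted_sha256,
        "truncating_sha256": truncating_sha256,
    }
    return {name: collision_probe(MockApp(h)) for name, h in schemes.items()}


if __name__ == "__main__":
    for name, verdict in run_probes().items():
        print(f"{name:20s} {verdict}")
```

A successful login with a string that differs from the registered password proves the application's hashing scheme maps both inputs to the same value; it cannot be plaintext comparison. Two caveats a tester should keep in mind: the probe only works if the application accepts passwords as long as the collision pair (the SHAttered files are far longer than most length limits), and a scheme that truncates or ignores the tail of the password produces the same login result without any collision, which is what the control login distinguishes. A salt prepended to the password defeats the published identical-prefix pair, so a negative result does not prove a strong algorithm is in use.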
The Advantage of Heuristic Over Signature-Based Web Vulnerability Scanners This article explains how heuristic and signature-based web application security scanners work, and the pros and cons of each type of scanner.
XSS, CSRF & Other Vulnerabilities in CubeCart Web Application This article explains in detail the various vulnerabilities Netsparker's security researchers identified in CubeCart, an open source ecommerce solution.
How I Hacked my Smart TV from My Bed via a Command Injection This article explains how I was able to exploit a command injection vulnerability in my Smart TV and use Netcat to gain remote shell access on the TV set.
What is SQL Injection? SQL injection is a vulnerability that lets a malicious hacker inject arbitrary SQL into the queries a web application sends to its database, and so directly read and alter the data stored there.
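An added illustration of the definition above, not code from the article: a login query built by string concatenation beside its parameterized form, run against an in-memory SQLite database. The schema, rows and payloads are constructed for the example; the two payloads show the two outcomes the definition names, bypassing the check and reading other rows.

```python
import sqlite3


def make_db():
    """Constructed sample database with two users (plaintext passwords only to
    keep the example short; a real application would store hashes)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    # Vulnerable: the user's input is pasted into the SQL text, so a quote in
    # the input ends the string literal and the rest is parsed as SQL.
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn, username, password):
    # Hardened: placeholders keep the query text fixed; the input is bound as
    # data and can never change the statement's structure.
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


# Constructed payloads.
# Turns the WHERE clause into (... AND password = '') OR '1'='1', which is
# true for every row, so the "login" matches all users.
PAYLOAD_BYPASS = "' OR '1'='1"
# Closes the literal, appends a UNION that pulls credentials out of the table,
# and comments out the remainder of the original query.
PAYLOAD_UNION = "' UNION SELECT username, password FROM users--"


def demo():
    """Returns the result rows of each call so the difference can be checked."""
    conn = make_db()
    return {
        "vuln_normal": login_vulnerable(conn, "alice", "s3cret"),
        "vuln_bypass": login_vulnerable(conn, "alice", PAYLOAD_BYPASS),
        "vuln_union": login_vulnerable(conn, PAYLOAD_UNION, "x"),
        "safe_normal": login_safe(conn, "alice", "s3cret"),
        "safe_bypass": login_safe(conn, "alice", PAYLOAD_BYPASS),
        "safe_union": login_safe(conn, PAYLOAD_UNION, "x"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:12s} {rows}")
```

With the vulnerable function the bypass payload returns every user and the UNION payload returns usernames and passwords in place of roles; with the parameterized function both payloads are simply passwords that match nothing, while the legitimate login still works. Escaping quotes by hand is not an equivalent fix; the placeholder is what keeps data and SQL grammar apart.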
Missing Function Level Access Control Vulnerabilities in Maian Support Helpdesk Allow Complete Take Over of the System This article looks into the details of how malicious hackers can exploit a number of missing function-level access control vulnerabilities to take over an installation of Maian Support Helpdesk, a web application developed in PHP.
How Netsparker Hawk Finds SSRF and Out-of-Band Vulnerabilities This article explains in detail how the Netsparker web application security scanner uses its Netsparker Hawk out-of-band vulnerability testing infrastructure to identify Server-Side Request Forgery (SSRF) and other blind, asynchronous and second-order web application vulnerabilities.
Identifying WordPress Websites On Local Networks (behind Firewalls) and Bruteforcing the Login Pages This article explains how attackers can use the XSHM (Cross-Site History Manipulation) attack to identify WordPress websites running on internal networks behind firewalls, and then launch a login brute-force attack against them.
Remote Code Evaluation (Execution) Vulnerability This article explains what the Remote Code Evaluation (Execution) vulnerability is and how attackers exploit it. It also explains what you, as a developer, should do to prevent it.
Exploiting a CSRF Vulnerability in MongoDB Rest API This article explains how attackers can exploit a Cross-site Request Forgery (CSRF) vulnerability in the MongoDB REST API to extract data from a vulnerable MongoDB instance.