How to check regular expressions

If you want to check whether your regular expression is going to catch what you expect it to match, you can rely on https://www.regextranslator.com as a confidence tool. Using as an example a regular expression from a great regular expression guide from Bugcrowd, How to Regex: A Practical Guide to Regular Expressions (Regex) for Hackers, you automatically get the regular expression's plain English «translation».

How can your scanner app be tested?

Do you want to test your brand new scanner app? How do you know whether the app detects the vulnerabilities it should? Thanks to PortSwigger, we now have Gin and Juice Shop. This is a deliberately vulnerable web shop against which your scanner app can be tested. The application can be found here: https://ginandjuice.shop Happy scanning! 😈

BurpSuite Lab – DOM XSS in jQuery selector sink using a hashchange event

This lab contains a DOM-based cross-site scripting vulnerability on the home page. It uses jQuery's $() selector function to auto-scroll to a given post, whose title is passed via the location.hash property. To solve the lab, deliver an exploit to the victim that calls the print() function in their browser. The affected code is: Go to the exploit server: Add the malicious iframe into the body: <iframe src="https://0a2e00cb036dbde4c0785e5d005a000a.web-security-academy.net/#" onload="this.src+='<img src=1 onerror=print()>'"></iframe> Based on the documentation found in the

BurpSuite Lab – DOM XSS in jQuery anchor `href` attribute sink using `location.search` source

This lab contains a DOM-based cross-site scripting vulnerability in the submit feedback page. It uses the jQuery library's $ selector function to find an anchor element, and changes its href attribute using data from location.search. To solve this lab, make the «back» link alert document.cookie. This is the Submit feedback functionality: If we check the URL, we can see a returnPath parameter: https://0a1a00e703f5826ec0b1405b007b002d.web-security-academy.net/feedback?returnPath=/ This parameter is used here: To modify the back link with the value of the

BurpAcademy Lab – DOM XSS in innerHTML sink using source location.search

This lab contains a DOM-based cross-site scripting vulnerability in the search blog functionality. It uses an innerHTML assignment, which changes the HTML contents of a div element, using data from location.search. To solve this lab, perform a cross-site scripting attack that calls the alert function. As we can see here, the innerHTML sink is used. Checking the Burp Academy DOM-based cross-site scripting documentation: the innerHTML sink doesn't accept script elements on any modern browser, nor will svg onload events fire. This means you will need to use alternative elements

Merry Catmas 2022!

This week, as you can see, it's too cold to get out of here and I'm just waiting for my gifts, so you will need to wait one more week for the next post. So, enjoy your Catmas!!

Burp Suite Academy lab – DOM XSS in document.write sink using source location.search

This lab contains a DOM-based cross-site scripting vulnerability in the search query tracking functionality. It uses the JavaScript document.write function, which writes data out to the page. The document.write function is called with data from location.search, which you can control using the website URL. To solve this lab, perform a cross-site scripting attack that calls the alert function. If we check the source code, we can see: as document.write() is what writes the query as part of an img tag, we

Kali Linux 2022.4 released

The new Kali Linux 2022.4 release is here and it brings new features and improvements. Some of the updates in the desktop version are: As usual, the commands to upgrade your Kali Linux are: Ensure that /etc/apt/sources.list is correct: $ cat /etc/apt/sources.list Then update and upgrade your packages: $ sudo apt update && sudo apt -y full-upgrade After a restart you can check your Kali version: $ grep VERSION /etc/os-release

HTB Synced

Today we return with another of the very easy HTB boxes, trying to finish them all. $ nmap -v -p- 10.129.228.37 --min-rate 5000 The rsync port is 873/tcp. Let's see which version rsync is using… $ nmap -v -p873 -sV 10.129.228.37 --min-rate 5000 Another option: $ nc -vn 10.129.228.37 873 The rsync protocol is version 31. From Linux, we can interact with rsync using the rsync tool. $ rsync --help $

reconFTW – Yet another new recon tool

According to its GitHub page, reconFTW is described as: ReconFTW automates the entire process of reconnaissance for you. It outperforms the work of subdomain enumeration along with various vulnerability checks and obtaining maximum information about your target. ReconFTW uses a lot of techniques (passive, bruteforce, permutations, certificate transparency, source code scraping, analytics, DNS records…) for subdomain enumeration which helps you to get the maximum and the most interesting subdomains so that