This lab contains a stored cross-site scripting vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert function when the comment author name is clicked. Access to the lab: According to the description, the vulnerability is in the comment functionality. Now we can our comment in the source: Intercepting the request: Checking Burp Suite XSS documentation and based on the source code obtained after adding a new comment,
Burp Suite Lab Academy – Stored XSS into anchor `href` attribute with double quotes HTML-encoded
Offsec.tools is a community-driven website that provides an extensive collection of security tools organized by categories and tags, making it easy to find the right tool for your security testing needs. The website includes tools for various security testing activities such as cloud and services, CMS, information gathering, technologies, vulnerabilities, and miscellanea. The tags cover a broad range of topics such as AWS, Azure, Bitbucket, Censys, Cloudflare, Detectify, DigitalOcean, GitHub,
Pdtm by Project Discovery
Project Discovery is an open-source software company that builds tools for cybersecurity.They are under nuclei, subfinder, httpx, katana or naabu. Recently they have published pdtm.Pdtm is a simple and easy-to-use golang based tool for managing open-source projects from ProjectDiscovery. Install go1.19 is required to install successfully pdtm. $ go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest Usage $ pdtm –help $ pdtm if needed add your bin go path to the config file located in:
$ nmap -v -sV -p- 10.129.74.179 –min-rate 5000 $ ftp 10.129.74.179 Users detected: According to the password policy found, the default’s password is funnel123#!# $ ssh firstname.lastname@example.org Which service is running on TCP port 5432 and listens only on localhost? christine@funnel:~$ ss -tulpn Port 5432 is usually used by PostgreSQL As we don’t have access to the previously mentioned service from our local machine, we need to create a tunnel
Chaos bug bounty recon data API
Bug bounty programs offer a unique opportunity for security researchers to test and identify vulnerabilities in applications and systems, all while earning rewards for their efforts. However, with so many programs available, it can be challenging for researchers to find new targets and prioritize their efforts effectively. This is where the Chaos Bug Bounty Recon Data API from Project Discovery can be incredibly helpful. The Chaos Bug Bounty Recon Data
Can’t post this week
This week my dad is moving to a new house, so I won’t be able to post our weekly article. Next week will be back as usual. Have a nice week!
NALA: An APT front-end
Nala is another way of using apt. It is a command line front-end that will improve your apt usage. Improvements over Apt: The installation is easy: $ sudo apt update && sudo apt install nala Command usage: Screenshots from its Github site:
Burp Suite Academy Lab – Reflected XSS into attribute with angle brackets HTML-encoded
This lab contains a reflected cross-site scripting vulnerability in the search blog functionality where angle brackets are HTML-encoded. To solve this lab, perform a cross-site scripting attack that injects an attribute and calls the alert function. «><script>alert(document.domain)</script> Checking BurpSuite Academy for Cross-Site Scripting, we find that if angle brackets are blocked or encoded, the input you won’t be able to break out of the tag in which it appears, so we can try other
How to check regular expressions
If you want to check if your regular expression is going to catch what you expect it to mach you can rely on https://www.regextranslator.com as a confidence tool. Using: as an example a regular expression from a great regular expression guide from Bugcrowd: How to Regex: A Practical Guide to Regular Expressions (Regex) for Hackers, Automatically you get the regular expression simple English «translation».
How your scanner app can be tested?
Do you want to test your brand new scanner app? How to know if the app detects the vulnerabilities it should? Thanks to Portswigger now we have Gin and Juice Shop. This is a vulnerable web shop where your scanner app can be tested. The application can be found here: https://ginandjuice.shop Happy scan! 😈