Love thy scripture – XXE
Categories
Injection, pentest, WAAS, Web Attacks, webdev

XXE (Extensible Markup Language External Entity) is a common type of injection that occurs in applications that fail to sanitize XML input; this is particularly common with web services. The XML input in a web service can be considered a description of data, so that two systems can have a common language to communicate with […]

Credential Harvesting on paranoid browsers
Categories
pentest, Web Attacks, webdev

Credential harvesting is one of the most common methods used in social engineering attacks when phishing. A sample can be viewed here. Some things about the cloner in the Social Engineering Toolkit: it doesn’t download assets (i.e. images, CSS, JavaScript files), and the cloned page always needs to be reachable. I will be testing this on Chrome […]
