404 questions
3 votes, 0 answers, 81 views
Penetration test fails for Wordpress 6.7.2 as jQuery UI 1.13.3 reached EOL
I'm running a Wordpress 6.7.2 multisite network for a customer of mine.
A recent compulsory penetration test failed with the following message:
The following software is used on the pages in an end-of-...
0 votes, 0 answers, 32 views
Android WebView Same Origin Policy: Unable to load internal file into iFrame
I am trying to build a PoC on a file theft in Android Webview for research purposes. However, I'm not able to load the supposedly stolen content in iFrame. Tried with different Android versions but no ...
0 votes, 1 answer, 19 views
Is a SameSite=none cookie passed automatically to the next website the user navigates to?
Let's say I am on the webshopA site where an auth cookie is stored - it is set to SameSite none unfortunately.
Then I enter webshopB into the address bar and I press enter.
--> Now if webshopB ...
2 votes, 0 answers, 57 views
system() returns the error sh: 1: : not found when I try to execute it with "/bin/sh" in the register rdi
I am following a walkthrough of a box on VulnHub, The Planets: Venus.
I got the shell to run through a buffer overflow, by putting an 8 byte padding, a gadget(pop rdi; ret), an address pointing to &...
0 votes, 0 answers, 22 views
Why setup HSTS in absence of HTTP service
I'm wondering if it's useful for my server to implement HSTS if the only available service is https? I don't have any other open ports on my machine. So even if my browser tries to connect to http, the ...
0 votes, 0 answers, 43 views
For Buffer Overflow pentesting, calculator.exe shellcode will not work inside a python file
I am trying Buffer Overflow pentesting, and the idea is to ultimately get the calculator executed. After getting everything right, as in calculating the needed bytes to overflow the buffer and reach ...
0 votes, 0 answers, 38 views
Why do some requests fail with 'Invalid token' or 'Invalid Jsession ID' when passing session ID and token between HTTP requests in JMeter?
While passing the session ID and token from one HTTP request to subsequent requests in JMeter, some requests fail with messages such as "Invalid token" or "Invalid Jsession ID".
I have ...
0 votes, 0 answers, 70 views
SQL injection with LIKE Clause (bWAPP Get/Search Medium Level) [duplicate]
I was trying to perform some SQL injection on the bWAPP application. I am running a test on medium level where the query is like this.
SELECT * FROM movies WHERE title LIKE '%".$(title)."%';
User will ...
-2 votes, 1 answer, 55 views
eCPPTv2 Buffer overflow exploit development
I'm having the eCPPTv2 exam, and I successfully developed the exploit for the buffer overflow section, so I found offset, bad chars and the return address, I debugged with Immunity Debugger and it's all ...
0 votes, 0 answers, 35 views
How to hide sensitive information in com.google.android.gms.signin.xml file on Android
I have a PENTEST finding in Android on a rooted device. It has highlighted a Google SDK file /data/{my_app}/shared_prefs/com.google.android.gms.signin.xml.
This file seems to be storing user ...
1 vote, 1 answer, 1k views
Unable to Intercept Requests with Mitmproxy: Getting "502 Bad Gateway" Error
I'm currently conducting penetration testing on a website, and I'm attempting to intercept requests using Mitmproxy to reverse engineer the backend APIs. However, I'm encountering a "502 Bad ...
0 votes, 1 answer, 277 views
Process Injection via VBA Macro Failing
I've been tasked with creating a macro that performs process injection within a Word macro. The steps are quite simple and can be replicated to execute shellcode that I've written in C. However, I ...
0 votes, 0 answers, 146 views
xp_cmdshell as dbo user only able to run 'ping localhost' to verify RCE?
I am currently doing a pentest on a client's asp web application and I have identified a blind SQL injection. However, after enabling xp_cmdshell, I am only able to run the ping localhost command to ...
1 vote, 0 answers, 182 views
X-FRAME-OPTIONS header missing on step1.html of Keycloak
Our security and pen test team reported one issue that the below resource is missing x-frame-options header?
Any suggestions or thoughts why only this page alone is missing that header even though it is ...
-3 votes, 1 answer, 483 views
How do I access an iOS app's SQLite database?
I am a penetration tester. I want to access my app's SQLite database in the in market app (if possible). How can I do this? Do I need a jailbroken phone? If so, how do I jailbreak a test device and ...