What Is Sub-Domain Takeover?

What Is Sub-Domain Takeover?

What Is Sub-Domain Takeover? – A sub domain takeover is really what it sounds like, a situation where a malicious person is able to claim a sub domain on behalf of a legitimate site. In a nutshell, this type of vulnerability involves a site creating a DNS entry for a sub domain, for example, ExploitByte (the hosting company) and never claiming that sub domain. 1. example.com registers on ExploitByte 2. example.com creates a DNS entry pointing sub domain.example.com to unicorn457.ExploitByte.com 3. example.com never claims unicorn457.ExploitByte.com 4. A malicious person claims…

Read More

What Is Bug Bounty?

What Is Bug Bounty?

What Is Bug Bounty? – Bug abundance chasing is a strategy for discovering blemishes and weaknesses in web applications; application sellers reward bounties, thus the bug abundance tracker can bring in cash during the time spent doing as such. Application merchants pay programmers to recognize and distinguish weaknesses in their product, web applications, and versatile applications. Regardless of whether it’s a little or an enormous association, inside security groups require an outer review from other genuine world programmers to test their applications for them. That is the explanation they approach…

Read More

What Is Command Injection Attacks?

What Is Command Injection Attacks?

What Is Command Injection Attacks? – Command injection flaws allow attackers to pass malicious code to different systems via web applications. The attacks include calls to an operating system over system calls, use of external programs over shell commands, and calls to the backend databases over SQL. Scripts in Perl, Python and other languages execute and insert the poorly designed web applications. If a Web Application uses any type of interpreneur, attacker insert malicious code to inflict damage. To perform functions, web applications must use operating system feature and external…

Read More

What Is Local File Inclusion?

What is Local File Inclusion?

What Is Local File Inclusion? – File inclusions can be discovered in the same way as directory traversals. We must locate parameters we can manipulate and attempt to use them to load arbitrary files. However, a file inclusion takes this one step further, as we attempt execute the contents of the file within the application. We should also check these parameters to see if they are vulnerable to remote inclusion (RFI) by changing their values to a URL instead of a local path. We are less likely to find RFI…

Read More

What is Bypassing Authentication?

What Is Bypass Authentication?

What is Bypassing Authentication? – In computer security, authentication is the process of attempting to verify the digital identity of the sender of a communication. A common example of such a process is the log on process. Testing the authentication schema means understanding how the authentication process works and using that information to circumvent the authentication mechanism. What if we could bypass all authentication mechanisms entirely? We can! This technique is called browser pivoting—essentially, we use our access to the target workstation to inherit permissions from the doctor’s browser and…

Read More

What is Input Validation Attacks?

What is Input Validation?

What is Input Validation Attacks? – Input validation attacks occur in much the same way buffer overflows do. Effectively, a programmer has not sufficiently reviewed the input from a user (or attacker, remember!) before passing it onto the application code. In other words, the program will choke on the input or, worse, allow something through that shouldn’t get through. The results can be devastating, including denial of service, identity spoofing, and outright compromise of the system, as is the case with buffer overruns. In this section, we take a look…

Read More

What is XML Vulnerability?

What Is XML Vulnerability?

What is XML Vulnerability? – An XML External Entity (XXE) vulnerability involves exploiting how an application parses XML input, more specifically, exploiting how the application processes the inclusion of external entities included in the input. To gain a full appreciation for how this is exploited and its potential, I think it’s best for us to first understand what the eXtensible Markup Language (XML) and external entities are. Also Read :- CSRF, XSS A metalanguage is a language used for describing other languages, and that’s what XML is. It was developed…

Read More

What is Open Redirection?

What is Open Redirection?

What is Open Redirection? – According to the Open Web Application Security Project, an open redirection occurs when an application takes a parameter and redirects a user to that parameter value without any conducting any validation on the value. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it, abusing the trust of a given domain to lead users to another. The malicious website serving as the redirect destination could be prepared to look like a legitimate site and try to collect personal…

Read More

What is Cross-Site Request Forgery?

What is Cross-Site-Request-Forgery?

What is Cross-Site Request Forgery? – A Cross-Site Request Forgery, or CSRF, attack occurs when a malicious website, email, instant message, application, etc. causes a user’s web browser to perform some action on another website where that user is already authenticated, or logged in. Often this occurs without the user knowing the action has occurred. A successful CSRF exploit can compromise end user data and operation, when it targets a normal user. If the targeted end user is the administrator account, a CSRF attack can compromise the entire web application.…

Read More

What is CRLF Injection?

What is CRLF Injection?

What is CRLF? When a browser sends a request to a web server, the web server answers back with a response containing both the HTTP headers and the actual website content. The HTTP headers and the HTML response (the website content) are separated by a specific combination of special characters, namely a carriage return and a line feed. They are also known as CRLF. The server knows when a new header begins and another one ends with CRLF, which can also tell a web application or user that a new…

Read More