What Is Network Scanning?

Network Scanning

Network Scanning refers to a set of proceducers for identifying hosts, ports and services in a network. Network Scanning is one of the components of intelligence gathering an attacker uses to create a profile of the target organization. Objective of Network Scanning To discover live hosts, IP address, and open ports of live hosts. To discover operating systems and system architecture. To discover services running on hosts. To discover vulnerabilities in live hosts. Network Scanning phase includes probing to the target network for getting information. When a user probes another…

Read More

What is XML Vulnerability?

XML Vulnerability

An XML External Entity (XXE) vulnerability involves exploiting how an application parses XML input, more specifically, exploiting how the application processes the inclusion of external entities included in the input. To gain a full appreciation for how this is exploited and its potential, I think it’s best for us to first understand what the eXtensible Markup Language (XML) and external entities are. Also Read :- CSRF, XSS A metalanguage is a language used for describing other languages, and that’s what XML is. It was developed after HTML in part, as…

Read More

Cross-Site Request Forgery

Cross-Site Request Forgery

A Cross-Site Request Forgery, or CSRF, attack occurs when a malicious website, email, instant message, application, etc. causes a user’s web browser to perform some action on another website where that user is already authenticated, or logged in. Often this occurs without the user knowing the action has occurred. A successful CSRF exploit can compromise end user data and operation, when it targets a normal user. If the targeted end user is the administrator account, a CSRF attack can compromise the entire web application. The impact of a CSRF attack…

Read More

CRLF Injection

CRLF Injection

What is CRLF? When a browser sends a request to a web server, the web server answers back with a response containing both the HTTP headers and the actual website content. The HTTP headers and the HTML response (the website content) are separated by a specific combination of special characters, namely a carriage return and a line feed. They are also known as CRLF. The server knows when a new header begins and another one ends with CRLF, which can also tell a web application or user that a new…

Read More