Author: Owais Mehtab

  • Archive: Don’t you dare to inject SQL !

    Well, it’s just another post discussing SQL injection, but from a defensive perspective. We all know how dangerous SQL injection can be, so how do we prevent it from happening? There are multiple ways: 1. Whitelisting 2. Stored Procedures (not so safe, which we will look into in another post) 3. Prepared Statements / Parameterized…

  • Archive: Prevent Command Injection In MVC .NET

    Hi folks, I have recently started to look into vulnerabilities from a development aspect, and it’s quite interesting to write vulnerable code and then fix it. In this post we are going to look at a simple command injection vulnerability and how to fix it. Before we start I would like to mention my test…

  • Archive: Antivirus Evasion

    A few weekends back I was wondering how malware evades antivirus solutions; is it really that easy? With that in mind I started looking at some known malware pieces and randomly picked an anti-malware solution. To my surprise, AVs can still be tricked with old techniques such as the string substitution method, so…

  • Archive: Oracle Web Center XSS

    Oracle Web Center XSS Details
    Product: Oracle Web Center [Versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0]
    Security-Risk: High
    Remote-Exploit: yes
    Vendor-URL: https://www.oracle.com/
    CVE-ID: CVE-2017-10075
    CVSS: 8.2
    Credits: Discovered by Owais Mehtab & Tayeeb Rana
    Affected Products: Oracle Web Center [Versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0]
    Description: Two Cross-site scripting (XSS) vulnerabilities have been identified in…