Category: Hacking & Security
-
Archive: Assessing Web Application Firewalls (WAFs)
In the past few years I have done several web application firewall assessments and have been very successful in bypassing them. So, I thought I would share some of the things that I learnt. Let me just clarify what this post is NOT about: This post is not about how to detect web application firewalls (WAFs) on…
-
Archive: Don’t you dare to inject SQL !
Well, it’s just another post discussing SQL injection, but from a defensive perspective. We all know how dangerous SQL injection can be, so how do we prevent it from happening? There are multiple ways: 1- Whitelisting 2- Stored Procedure (not so safe, which we will look into in another post) 3- Prepared Statements / Parameterized…
-
Archive: Prevent Command Injection In MVC .NET
Hi folks, I have recently started to look into vulnerabilities from the development aspect, and it’s quite interesting to write vulnerable code and then fix it. In this post we are going to look at a simple command injection vulnerability and how to fix it. Before we start I would like to mention my test…
-
Archive: ZTE Home Gateway vdsl CPE admin control bypass
Hi Folks, There is a vulnerability in the ZTE home-router, installed in many homes (in millions) throughout the country, provided by Pakistan Telecommunication Company Limited (PTCL), which enables an attacker to bypass admin portal authentication and display and/or change the WIFI password. Furthermore, the attacker can reset the router to its factory settings and/or restart…