securityetalii.es
exploiting | Security et alii
https://securityetalii.es/category/exploiting
Seguridad, sistemas, tecnología et al. How Effective is ASLR on Linux Systems? Address Space Layout Randomization (ASLR) is an exploit mitigation technique implemented in the majority of modern operating systems. In a nutshell, the idea behind ASLR is randomizing the process’ memory space in order to prevent the attacker from finding the …. Read more ›. FormatFactory 3.01 Stack Based Buffer Overflow (SafeSEH bypass). Read more ›. Tagged with: buffer overflow. Solución Nebula Nivel 18. Read more ›. Nivel ...
securityetalii.es
hacking | Security et alii
https://securityetalii.es/category/hacking
Seguridad, sistemas, tecnología et al. Remote Code Execution in Web.py framework. Several months ago I happened to be looking at web.py‘s source code when I found an old-style (as in basic) remote code execution in the database module. Fortunately for most users of web.py, the database module is pretty simple and …. Read more ›. How Effective is ASLR on Linux Systems? Read more ›. XSS killed the anti-CSRF star. Read more ›. Publicado en web hacking. SANS HolidayHack Write Up. Read more ›. Soluciones Nebu...
securityetalii.es
web hacking | Security et alii
https://securityetalii.es/category/hacking/web-hacking
Seguridad, sistemas, tecnología et al. Archivos para web hacking. Remote Code Execution in Web.py framework. Several months ago I happened to be looking at web.py‘s source code when I found an old-style (as in basic) remote code execution in the database module. Fortunately for most users of web.py, the database module is pretty simple and …. Read more ›. XSS killed the anti-CSRF star. Read more ›. Publicado en web hacking. DB2 SQL injection cheat sheet. Read more ›. Tagged with: cheat sheets. Quería ded...
securityetalii.es
XSS killed the anti-CSRF star | Security et alii
https://securityetalii.es/2013/01/23/xss-killed-the-anti-csrf-star
Seguridad, sistemas, tecnología et al. XSS killed the anti-CSRF star. XSS killed the anti-CSRF star. There’s been many a time that developers don’t fully understand that a “small” flaw can compromise the whole application if used with wit. In this case, it wasn’t even necessary to string many flaws. It sufficed with one used in the right spot to compromise the application. CSRF protected settings page. The vulnerability is obvious, since there’s no encoding of the URL (window.location.href)...Simple, the...
securityetalii.es
exploiting | Security et alii
https://securityetalii.es/tag/exploiting
Seguridad, sistemas, tecnología et al. How Effective is ASLR on Linux Systems? Address Space Layout Randomization (ASLR) is an exploit mitigation technique implemented in the majority of modern operating systems. In a nutshell, the idea behind ASLR is randomizing the process’ memory space in order to prevent the attacker from finding the …. Read more ›. FormatFactory 3.01 Stack Based Buffer Overflow (SafeSEH bypass). Read more ›. Tagged with: buffer overflow. Solución Nebula Nivel 18. Read more ›. Nivel ...
securityetalii.es
rce | Security et alii
https://securityetalii.es/tag/rce
Seguridad, sistemas, tecnología et al. Remote Code Execution in Web.py framework. Several months ago I happened to be looking at web.py‘s source code when I found an old-style (as in basic) remote code execution in the database module. Fortunately for most users of web.py, the database module is pretty simple and …. Read more ›. Db2 sql injection cheat sheet. Neutralidad de la red. Tricks with anonymous #JavaScript. Functions - buff.ly/2bNKqld. The Easiest Way to Bypass #XSS. HackDoxDB2 SQL Injec….
securityetalii.es
Linux | Security et alii
https://securityetalii.es/tag/linux
Seguridad, sistemas, tecnología et al. How Effective is ASLR on Linux Systems? Address Space Layout Randomization (ASLR) is an exploit mitigation technique implemented in the majority of modern operating systems. In a nutshell, the idea behind ASLR is randomizing the process’ memory space in order to prevent the attacker from finding the …. Read more ›. Linux Cracking Series (LCS): lincrackme3. Read more ›. Linux Cracking Series: Lincrackme2. Read more ›. DLL Hijacking Linux (Windows like). Normalmente e...
securityetalii.es
Linux | Security et alii
https://securityetalii.es/category/linux
Seguridad, sistemas, tecnología et al. How Effective is ASLR on Linux Systems? Address Space Layout Randomization (ASLR) is an exploit mitigation technique implemented in the majority of modern operating systems. In a nutshell, the idea behind ASLR is randomizing the process’ memory space in order to prevent the attacker from finding the …. Read more ›. Linux Cracking Series (LCS): lincrackme3. Read more ›. Linux Cracking Series: Lincrackme2. Read more ›. DLL Hijacking Linux (Windows like). Normalmente e...
securityetalii.es
Remote Code Execution in Web.py framework | Security et alii
https://securityetalii.es/2014/11/08/remote-code-execution-in-web-py-framework
Seguridad, sistemas, tecnología et al. Remote Code Execution in Web.py framework. Remote Code Execution in Web.py framework. Several months ago I happened to be looking at web.py. At fixing the issue was done in April and the final patch. Was committed in May. The docstring is pretty self-explanatory, as it is the vulnerability. The entry points to reparam. Are functions where(), query(), and gen clause(). Since there’s no control in any of these functions on what the user is sending as part of...After I...
securityetalii.es
Linux Cracking Series | Security et alii
https://securityetalii.es/linux-cracking-series
Seguridad, sistemas, tecnología et al. La intención de esta sección es que podamos aprender (yo también aprendo mucho haciendo estas cosas) acerca del reversing en Linux, de las técnicas que hay para proteger binarios y de la forma de superarlas. Iremos desde lo más sencillo, hasta lo más complejo que se me ocurra (incluyendo empaquetado y cifrado, por ej). Cualquier sugerencia, colaboración o duda es siempre bienvenida. Podéis contactarme por email. Y solución ( crackmes.de. Y solución ( crackmes.de.