When you are doing a penetration test, there are certain tasks that you have to repeat over and over in every single test you do. One of these tasks for a web application penetration test is checking the headers that the web server sends back to the user. These headers may contain interesting information that helps […]
Tag: web applications
Easily Remove Unwanted HTTP Headers in IIS 7.0 to 8.5
The StripHeaders module is a Native-Code module for IIS 7.0 and above, designed to easily remove unnecessary response headers and prevent information leakage of software and version information, which can be useful to an attacker. See the installation section for information regarding deploying StripHeaders within your organisation. See the configuration section for information regarding removing […]
Reproducing an Umbraco Remote Code Execution Vulnerability
During a recent penetration test I came across a website running Umbraco CMS (https://umbraco.com/). Umbraco is an open source content management system for publishing content on the World Wide Web and intranets. It is written in C# and deployed on Microsoft based
Cross-Site Scripting through Flash Objects
Despite waning support for ActionScript on mobile platforms, the inclusion of ActionScript animations in web applications is common. Typically these animations are in the form of embedded SWF files, either through directly serving this content, or through an intermediate application which loads the SWF files from a protected area of the web server. The following […]
Blind SQL injection through an Excel spread sheet
In a recent penetration test that I carried out, I faced an unusual form of SQL injection that fortunately (for me!) let me gain access to sensitive data in the backend database. I would like to share how I found this and exploited it with you. After doing the typical information gathering phase of the […]
List websites on Shared Servers using Bing API
Finding websites that are hosted on a particular IP address or that are hosted on a shared web server is a very useful part of information gathering during a penetration test. Bing supports searching for websites that are indexed on a particular IP address, and there are a few websites that provide this service too, […]
Penetration Testing: A Preventative Security Control
Penetration testing should be part of a preventative approach to Information Security and Security Control to ensure that vulnerabilities are not exploited. It is still a mystery as to why a large number of organisations do not take a more preventative approach to Information Security. There has been enough information in various publications about the […]
Vulnerability: Grapecity DataDynamics Report Library Cross-Site Scripting
Grapecity’s DataDynamics Report Library is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. CVE: N/A. Published: Mar 24 2011 11:00AM. Vulnerable: Version 1.6.1871.61 and earlier. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may […]
Configuring Metasploit for Client Side Attacks
During a client side test, several areas need to be set up for a successful attack. In this short article I will describe how to configure Metasploit by making use of the features in the latest release (currently 4.1). The client side attack we are considering here is an email with a link to a download, […]
Security is a Process, not a Product
Security is a process, not a product – Strong IT security brands encourage the use of a single commercial product but this is not as secure as a process. It’s not a novelty to say that the market is often regulated by the strong business brand and it is no exception for IT security. Companies […]