Sensitive Data Exposure, or Information Disclosure, is a vulnerability that allows an attacker to gather internal information, such as the software and versions in use, which lets them prepare a focused attack, commit identity theft and impersonate other users of a website.
web hacking
SQL Injection – Explained
Injections are the number 1 threat according to the OWASP Top 10 list. Among them is SQL Injection.
An SQL Injection abuses poor input sanitization to inject malicious SQL code into a web server or web application.
Cross Site Scripting (XSS) – Explained
Cross Site Scripting is one of the top dangers in a modern web application. In order to exploit this vulnerability, an attacker has to “inject” malicious JavaScript code into the site.
The Necromancer | VulnHub Machine
The Necromancer Challenge is an interesting VulnHub box with 11 flags in various disciplines.
It starts off with network monitoring via Wireshark and continues with simple base64 decoding and some hash/password cracking.
The challenge offers a lot to play around including steganography, cracking, binary exploitation and reversing. There’s even a little web hacking involved, so there’s something for everyone.
Enjoy the full challenge in the playlist posted above.