Hi everybody, today I’ll talk about the pseudo-tty idea I had and why I decided to stop the development of that module. ReGeorg ReGeorg is a module that could be applied to multiple languages, it is made so that you will be able to proxy a TCP connection through a script. The …
Hi, today a really quick article about Amazon Web Services and the way it operates. Quick summary EC2 servers are Amazon’s equivalent of dedicated servers, while S3 are considered as buckets and are used to store files (it operates as a CDN). While on those instances, a metadata server is available at that address: http://169.254.169.254/latest/meta-data/hostname Accessing …
Hi everybody, today I’m a little bit late but I’ll do a final article about Tapestry. I’ll write about the form system since I spent a little bit of time auditing it. How does it work? The framework will send a parameter to add to each form (as a hidden form value), which will act …
Hi, today I’ll continue my exploration of Apache Tapestry a little. Here’s what I learned today. General architecture of Tapestry Tapestry presents itself as a way to code web applications with object-oriented programming. It means that when you set up a “page” in Tapestry, you won’t have to think in terms of requests, parameters …
Hi everybody, this time, same treatment, I don’t think it deserves its own article so I just don’t categorize it, however it is a pentesting article. I had to test an application using Apache Tapestry today, which is a Java Web Framework, similar to Faces or Wicket. URLencoding The most obvious thing once you test …
Hi, today I’ll do a quick article that’s talking primarily about security but I won’t enter it into the pentest category since I haven’t developed a solution to the question yet. The need for a pseudo-tty Why should we need a pseudo-tty? During a pentest, there are a lot of cases where you would need …
Hi everybody, today I’ll talk about Express, which is a NodeJS framework used to create web applications and how to abuse it to exploit a directory traversal on some implementations. Directory traversal You probably already know what a directory traversal is, but in short, it is based on the ability to use “../”, which …
Hi everybody, this week I’ll be traveling for work, so I won’t have a lot of time to do lengthy articles. The subject of the day is gonna be security again, more specifically about web and CORS. CORS CORS or Cross-Origin Resource Sharing is a mechanism using HTTP headers to specify that an application running …
Hey, today I’ll talk about security and more specifically pentest once again. I feel lucky these days because I feel I learn new things every week at least. Today I’ll talk about server-side JavaScript but not on MongoDB, rather I’ll speak about GatewayScript, which is a proprietary language by IBM. GatewayScript GatewayScript is used mainly …
Hi, today I’ll do a quick preamble article about NoSQL Injection, more specifically on MongoDB. I found an interesting way to call the $where operator when you’re in a NoSQL injection inside a field. Current techniques Normally, you are not supposed to be able to call the $where operator since it is a top-level …