All posts by valters.eu

DOM-based document-domain manipulation

In this section, we’ll describe DOM-based manipulation of the document.domain property and suggest ways to reduce your exposure to this kind of attack. What is DOM-based document-domain manipulation? Document-domain manipulation vulnerabilities arise when a script uses attacker-controllable data to set the document.domain property. An attacker may be able to use the vulnerability to construct a URL that, if visited…


DOM-based JavaScript injection

In this section, we’ll talk about DOM-based JavaScript-injection vulnerabilities, discuss how they can impact the victim and suggest ways to reduce your exposure to JavaScript-injection vulnerabilities. What is DOM-based JavaScript injection? DOM-based JavaScript injection vulnerabilities arise when a script executes attacker-controllable data as JavaScript. An attacker may be able to use the vulnerability to construct…


DOM-based open redirection

In this section, we’ll talk about what DOM-based open redirection is, demonstrate how an attack is constructed, and suggest ways to reduce your exposure to DOM-based open-redirection vulnerabilities. What is DOM-based open redirection? DOM-based open-redirection vulnerabilities arise when a script writes attacker-controllable data into a sink that can trigger cross-domain navigation. For example, the following…


Examining the database in SQL injection attacks

When exploiting SQL injection vulnerabilities, it is often necessary to gather some information about the database itself. This includes the type and version of the database software and the contents of the database in terms of which tables and columns it contains. Querying the database type and version Different databases provide different ways of querying their version….


SQL injection cheat sheet

This SQL injection cheat sheet contains examples of the useful syntax that you can use to perform a variety of tasks that often arise when performing SQL injection attacks. String concatenation You can concatenate together multiple strings to make a single string. Oracle 'foo'||'bar' Microsoft 'foo'+'bar' PostgreSQL 'foo'||'bar' MySQL 'foo' 'bar' [Note the space between the two strings] CONCAT('foo','bar')…
