Arbitrary File Upload in Media Manager The file dede/media_add.php is vulnerable to arbitrary file uploads. An attacker could upload a malicious script. Patch Locate the line assigning the full filename (around line 69) and replace it with the following code: if (preg_match('/\.(php|pl|cgi|asp|aspx...
Upon inspection of the URL, it shows: check.php?username=admin&password=password. To proceed, a SQL injection test is performed using the universal bypass technique: Username: 1' or 1=1# Password: 123 (any input) This reveals the actual username is admin and the password hash is 8cd498400535134...
Client-Side Asset Analysis Static inspection of frontend resources often reveals hidden artifacts. Examining the page source code exposes a hexadecimal-encoded string embedded within the markup. Decoding this value directly yields the target flag, demonstrating that client-side obfuscation provides...
File upload functionality is ubiquitous in modern web applications—user profile images, document attachments, and media files all rely on this feature. When a user submits a file, the server typically validates properties like file type, extension, size, and renames the file before storing it in a d...
During a security assessment of a web application at http://aa.test.com:8088/Admin/Login, a SQL injection vulnerability was identified. The login request revealed that the username and password parameters were encrypted on the client side before transmission. Analysis of the page's JavaScript source...
Resolving Database Port Conflicts When running an integrated server environment like PHPStudy (often referred to as XP in local setups) alongside a pre-existing local MySQL installation, a service conflict typically arises because both services attempt to bind to port 3306. To resolve this without s...
How Django's CSRF Middleware Works Django's CSRF protection is implemented through the CsrfViewMiddleware, which intercepts requests by calling the process_view method. Here's what happens during this process: Checks if the view is decorated with @csrf_exempt Retrieves the CSRF token from either the...
GWCTF 2019 - mypassword Challenge Walkthrough Challenge Overview The challenge presents a login interface with registration functionality. Upon logging in, a message indicates that SQL injection is not the intended attack vector. The interface includes a feedback submission form. Initial Analysis Th...
To establish a testing environment, you can use a Docker container. The following commands will pull and run the latest image of a pre-configured Damicms instance. docker pull betsy0/pwdflielogic:latest docker run -d -p 10001:81 --restart always betsy0/pwdflielogic:latest Risks Associated with Payme...
Installation and Deployment Pikachu is an intentionally vulnerable web application designed for practicing common web security exploitation techniques, built with PHP and MySQL. A LAMP or LEMP stack is a prerequisite to host this platform. 1. Acquire Source Files Extract the downloaded archive direc...