by

Exploit XXE Vulnerability Using Excel File

From my last article, we can exploit XXE using Docx file. Now lets build exploit XXE vulnerability using Excel file. Exploit XXE Vulnerability Using Excel File? Microsoft released OOXML Document, OOXML Presentation and OOXML Workbook in 7 December 2006. Source: Wikipedia. So, what is Office Open XML? Office Open XML, also known as OpenXML or

by

Exploit XXE Vulnerability Using Docx File

Today, I found a vulnerability on a server which is has feature upload for docx file. I will try to explain how to exploit XXE vulnerability using docx file and how to find this vulnerability. So.. What is XXE Vulnerability? An XML External Entity attack is a type of attack against an application that parses

by

install wpscan on macos

Now, I will try to install WPScan on MacOS High Sierra. WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues. When using WPScan you can scan your WordPress website for known vulnerabilities within the core version, plugins, and themes. You can also find

by

VulnHub - Bulldog 1 Walkthrough

In this weekend, I will try to write a walkthrough to the VulnHub Bulldog 1. You can download this CTF VM on VulnHub’s website. First, I need to find some open port on the target machine.

I got 3 open ports on the target machine. Now let’s find out what services are running on

by

Evolution of attacks on web applications

Attacks on web applications open wide opportunities for intruders: this is the theft of critical information or sensitive information; Breaking business logic for financial gain; Also, a successful attack of a web application can be a harbinger of hacking the company’s corporate network. In this article, I’ll talk about the evolution of Web application attacks.