Ideas, Observations & Stories in Cybersecurity
If you’ve been in application security for any amount of time, you’ve seen this pattern before. A new technology arrives. Developers adopt it fast. Security teams scramble to catch up. And in the gap between adoption and understanding, attackers find a comfortable home. We saw it with cloud misconfigurations. We saw it with GraphQL. We’re…
As I discussed in my previous post that we can exploit Union Based SQL Injection with the help of manual SQL queries. now we will do the same exercise with a Python based tool SQLMAP. Note:- This tutorial is being carried out on demo test site provided by ACUNETIX, You can also try on the same website. Sqlmap…
What is OS Command Injection OS Command Injection is a vulnerability which describes improper neutralization of special elements. It can result in modification of the intended OS command that is sent to a downstream component. So, OS command injection weaknesses can expose an environment to an attacker even if he does not have direct access…