Cryptographic Failures Cryptographic Failures refers to failures related to cryptography that often lead to leakage or exposure of sensitive data. In the OWASP Top 10 2017 list…
Log4J Basics Apache Log4J is a Java-based logging library used in Java applications. It is essentially a logging framework which logs users and servers…
Define Broken Access Control Broken Access Control: In a web application, the broken access control vulnerability arises when the application fails to properly validate…
Introduction CORS, or Cross-Origin Resource Sharing, allows web developers to selectively relax the same-origin policy. The CORS standard describes HTTP headers which provide browsers…
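As an added illustration of the CORS point above (this is example code written for this page, not code from the original post or from any project it describes), the three handlers below show how a server decides what to place in Access-Control-Allow-Origin. The allowlist, origins and header names are assumptions constructed for the demonstration. The reflecting handler and the suffix-matching handler both let an arbitrary site read credentialed responses; the strict handler compares the normalized scheme://host against an exact allowlist and marks the response as varying on Origin.

```python
"""Added example: CORS origin handling, reflecting vs. allowlisted.
All origins and the allowlist below are constructed for the demo."""

from urllib.parse import urlsplit

# Assumed allowlist of first-party origins (scheme://host, no path).
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}


def cors_headers_reflecting(origin: str) -> dict:
    """Vulnerable: echoes whatever Origin the browser sent. Combined with
    Allow-Credentials: true, any website can read authenticated responses."""
    if not origin:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_headers_suffix(origin: str) -> dict:
    """Still vulnerable: a string-suffix test is not an origin test.
    'https://evilexample.com' ends with 'example.com' and is accepted."""
    if origin and origin.endswith("example.com"):
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
        }
    return {}


def cors_headers_strict(origin: str, allowed=frozenset(ALLOWED_ORIGINS)) -> dict:
    """Hardened: parse the Origin, require https, reject anything carrying a
    path/query/fragment (a real Origin header never has one), lower-case the
    host, and accept only an exact allowlist match. Vary: Origin tells caches
    not to serve one origin's answer to another."""
    if not origin:
        return {}
    parts = urlsplit(origin)
    if parts.scheme != "https" or parts.path or parts.query or parts.fragment:
        return {}
    normalized = f"{parts.scheme}://{parts.netloc.lower()}"
    if normalized not in allowed:
        return {}
    return {
        "Access-Control-Allow-Origin": normalized,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }


if __name__ == "__main__":
    for probe in ("https://app.example.com", "https://evilexample.com",
                  "https://app.example.com.attacker.net", "http://app.example.com"):
        print(probe, "->", cors_headers_strict(probe) or "refused")
```

When auditing an endpoint, send the same request with an Origin of a domain you control and with a look-alike such as a suffix or prefix of the legitimate origin; if the value comes back in Access-Control-Allow-Origin together with Allow-Credentials: true, the policy is reflecting rather than allowlisting.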
Introduction A Direct Object Reference is a web application design method in which entity names are used to identify application-controlled resources that are passed in…
Introduction CSRF, or Cross-Site Request Forgery, is a web vulnerability where an attacker tricks the victim’s browser into sending forged requests to a…
RFI stands for Remote File Inclusion. This vulnerability allows an attacker to dynamically include files or scripts from remote, external sources into the web server. This vulnerability occurs…
fimap is an LFI/RFI detection and exploitation tool written in Python which can find, prepare, audit, exploit and even Google automatically for local and remote…
In this post we are going to see how an attacker can exploit an LFI vulnerability to achieve code execution by using /proc/self/environ…
Introduction LFI stands for Local File Inclusion; it allows an attacker to include files that already exist locally on the target web server. This…
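The RFI and LFI items above (including the /proc/self/environ post) all come down to one coding mistake: a request parameter is concatenated into an include path without validation. The following is an added example written for this page, not code from the original posts or from fimap; it models that mistake in Python alongside a hardened resolver. The directory layout, file names, the attack strings and the "config.secret" file are all constructed for the demonstration, and the vulnerable function mirrors the effect of a PHP include($base . $_GET['page']) rather than any specific application.

```python
"""Added example: file-inclusion path handling, vulnerable vs. hardened.
The web root, pages and attack strings are constructed for this demo."""

import os
import tempfile
from urllib.parse import urlsplit


def make_demo_tree() -> str:
    """Create a throwaway web root: pages/home.php is the only legitimate
    include; config.secret sits one level up, where an LFI would reach it."""
    root = tempfile.mkdtemp(prefix="lfi-demo-")
    pages = os.path.join(root, "pages")
    os.makedirs(pages)
    with open(os.path.join(pages, "home.php"), "w") as f:
        f.write("<?php echo 'home'; ?>\n")
    with open(os.path.join(root, "config.secret"), "w") as f:
        f.write("db_password=hunter2\n")  # constructed secret, not real
    return pages


def vulnerable_include_path(base_dir: str, page: str) -> str:
    """Mirrors include($base . $_GET['page']): the request value is trusted.
    '../' walks out of base_dir; an absolute value discards base_dir entirely,
    which is how /proc/self/environ or /etc/passwd gets included."""
    return os.path.join(base_dir, page)


def safe_include_path(base_dir: str, page: str):
    """Return the resolved file to include, or None if the request is refused.
    Checks, in order: empty/NUL-containing values, any URL scheme (http://,
    php:// and similar wrappers are the RFI case), containment of the
    canonical path inside base_dir, and an expected extension on a real file."""
    if not page or "\x00" in page:
        return None
    if urlsplit(page).scheme:  # "http://evil/shell.txt", "php://filter/..."
        return None
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, page))
    if os.path.commonpath([base, target]) != base:
        return None
    if not target.endswith(".php") or not os.path.isfile(target):
        return None
    return target


def run_demo() -> dict:
    """Exercise both resolvers against a set of constructed attack strings."""
    base = make_demo_tree()
    attacks = {
        "traversal": "../config.secret",
        "absolute": "/proc/self/environ",
        "remote": "http://attacker.example/shell.txt",
        "wrapper": "php://filter/convert.base64-encode/resource=home.php",
        "nullbyte": "home.php\x00.jpg",
    }
    return {
        # the naive join really does point at the secret outside the web root
        "vulnerable_reads_secret": os.path.isfile(
            vulnerable_include_path(base, attacks["traversal"])),
        # and an absolute value replaces the base directory completely
        "vulnerable_absolute": vulnerable_include_path(
            base, attacks["absolute"]) == "/proc/self/environ",
        "safe_allows_home": safe_include_path(base, "home.php") is not None,
        "safe_blocks": {name: safe_include_path(base, value) is None
                        for name, value in attacks.items()},
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The containment check uses the canonical path (realpath) on both sides so that symlinks and ../ sequences are resolved before comparison; a substring or prefix test on the raw string would miss encoded or symlinked variants. Where the set of includable pages is small, replacing the extension check with an explicit allowlist of file names is stricter still.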