Chain exploitation of SSTI -> DoS && XSS in Squiz Matrix CMS. INTRODUCTION Recently I was preparing another article for AppSec Tales about Server Side Template Injection. In the impact section, I wanted to give an interesting real-life example, and I remembered that two years ago, I had an excellent case…

Some tips about assembly and exploit development on Windows x86. INTRODUCTION The article was created for all those who asked me for some of my notes. I have paraphrased them and cut out a large part to avoid plagiarising the EXP-301 course material. There are some tips about x86 assembly and…

Article about — how to prepare for the EXP-301 course and OSED exam. INTRODUCTION This article is a short guide on preparation for the EXP-301 course and the OSED exam. There are links to blogs, tools, other courses, exercises, and all kinds of sources I used for my preparations. EXP 301 — DESCRIPTION This course…

Setting up the environment for testing and crimson_recon explanation. INTRODUCTION It has been a couple of months since the last article about the automatization of Web Application Penetration Testing. From that moment, Crimson had grown up from those few code snippets described in previous articles, and if you are a kind…

Application Security Testing for Carriage Return Line Feed injections. INTRODUCTION The article describes how to test the application to find CRLF injection vulnerabilities. The advice in this article is based on the following: OWASP Web Security Testing Guide OWASP Application Security Verification Standard Bug bounty reports Own experience. TOOLING Tools with basic…

Application Security Testing for the Unvalidated Redirects and Forwards. INTRODUCTION The article describes how to test the application to find Open Redirect vulnerabilities. The advice in this article is based on the following: OWASP Web Security Testing Guide OWASP Application Security Verification Standard Bug bounty reports Own experience. TOOLING Tools with basic…

Blind Format String & Dumping binary & RE & BO [x64] — This is my 12th walkthrough referring to the methodology described here. From this tutorial, I decided it was time to grow up and started using Python version 3.9+ take a notice of this fact when you are using the below code. 0. Connect to the binary: The only information provided with this challenge was an…

Application Security Testing for the Server Side Request Forgery. INTRODUCTION The article describes how to test the application to find Server Side Request Forgery vulnerabilities. The advice in this article is based on the following: OWASP Web Security Testing Guide OWASP Application Security Verification Standard Bug bounty reports Own experience. TOOLING Tools…

Application Security Testing for the File Inclusion vulnerabilities. INTRODUCTION The article describes how to test the application to find Local & Remote File Inclusion vulnerabilities. The advice in this article is based on: OWASP Web Security Testing Guide OWASP Application Security Verification Standard Bug bounty reports Own experience. TOOLING Tools with basic…