Nov 19, 2022: OCSP: FILE TRANSFER RECIPE FOR DELICIOUS POST EXPLOITATION-Part2
If you did not read my previous write-up, please visit the link below to read part 1.
Linked article: OCSP: FILE TRANSFER RECIPE FOR DELICIOUS POST EXPLOITATION — Part 1. This article is basically for all those people who are working in Infosec. Because when as an Infosec you work in any… (ms-official5878.medium.com)
Please keep in mind the below preamble to understand this write-up better. TFTP is also known as Trivial File Transfer Protocol, which runs on port number 69. TFTP protocol does not need any authentication…
7 min read
May 28, 2022: Stored XSS Via File Upload [SVG File Content]
Hi Friends! This is my 36th blog on web application security penetration testing. In this blog I will explain about Stored XSS Via SVG File Upload. In my last blog, I have explained about Remote Code Execution by uploading ASP.NET Web Shell. Hope everyone liked it. …
3 min read
May 28, 2022: RCE Via [File Upload Control]
Hi Folks! This is my 35th blog on web application security penetration testing. In this blog I will explain about Remote Code Execution by uploading ASP.NET Web Shell. In my last blog, I have explained about XSS Through File Upload where “Attribute-Value” of the uploaded images are vulnerable to…
4 min read
May 24, 2022: XSS Through File Upload [Attribute-Value]
Hi Folks! This is my 34th blog on web application security penetration testing. In this blog I will explain about XSS Through File Upload where “Attribute-Value” of the uploaded images are vulnerable to XSS. In my last blog, I have explained about XSS Through File Upload where “Filename” itself was…
3 min read
May 22, 2022: XSS Through File Upload
Hi Folks! This is my 33rd blog on web application security penetration testing. In this blog I will explain about XSS Through File Upload. In my last blog, I have explained about XXE Attack. Hope everyone liked it. If you haven’t read it yet please follow along.
Author profile: Mohammad Mohsin - Medium. Read writing from Mohammad Mohsin on Medium. Works @t @pple. Ethical Hacker, Vulnerability Assessment and Penetration… (medium.com)
3 min read
May 19, 2022: XML External Entity (XXE) Attack
Hello Friends! This is my 32nd blog on web application security penetration testing. In this blog I will explain about XXE Attack. In my last blog, I have explained about Blind Cross Site Scripting. Hope everyone liked it. If you haven’t read it yet please follow along.
5 min read
May 19, 2022: Blind Cross Site Scripting
Hello Friends! This is my 31st blog on web application security penetration testing. In this blog I will explain about Blind Cross Site Scripting. In my last blog, I have explained about DOM Based Cross Site Scripting. Hope everyone liked it. If you haven’t read it yet please follow along.
4 min read
May 18, 2022: DOM Based XSS
Hello Folks! This is my 30th blog on web application security penetration testing. In this blog I will explain about DOM Based Cross Site Scripting. In my last blog, I have explained about Stored Cross Site Scripting. Hope everyone liked it. If you haven’t read it yet please follow along.
4 min read
May 16, 2022: Stored XSS [Payload Execution]
Hello Friends, This is my 29th blog on web application security penetration testing. In this blog I will explain Stored XSS payload execution when malicious payload is coming from DB to front end which we have saved earlier in blog 28th. In my last Blog, I have explained about Stored…
3 min read
May 11, 2022: Stored XSS [Front-end To Back-end]
Hello Friends, This is my 28th blog on web application security penetration testing. In this blog I will explain about Stored Cross Site Scripting. In my last blog, I have explained about Reflected Cross Site Scripting. Hope everyone liked it. If you haven’t read it yet please follow along.
5 min read