Category: Web Hacking

Local File Inclusion
Normal Request: We can download another file by changing the value of the filename parameter, and we can send this request without logging in. Example:
Add User Account with Admin Privilege without Login
We can create a user and give admin privileges to the user we have made, all without logging in. Because this app […]

Description: Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application.
Vulnerable Menu: Tools – Ping
Proof of Concept:
POST /u/jsp/tools/exec.jsp HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, […]

After reading and learning about non-alphanumeric code in PHP, I decided to write my own simple non-alphanumeric PHP backdoor. Well, it’s quite a simple script, just a XOR function over strings. By XOR-ing “<>/” with “{” we have the “GET” string as the result. Put the result in a one-liner code execution and done. Another version with […]

Ever thought about gaining access to your backdoor undetected? Well, maybe not all web administrators examine their PHP files. Weevely is the answer. Just follow these steps (I was doing this on Backtrack 5): Where: -p = your password to access the backdoor -g = generate a new encrypted PHP file (it doesn’t actually encrypt […]

Facing a Tomcat server and need to upload a WAR backdoor? Well, we can create a WAR backdoor very easily with Metasploit. Follow these steps: 1. Create the backdoor. It will create a WAR file containing a JSP backdoor file with a random name. 2. Upload the WAR file. 3. Use netcat to listen for […]

Two days ago, I tried to do some research on web application security. My main focus is targeting the upload feature of a website. Many websites today use an upload feature to interact with their users, for example on a job search website or an educational website. From several trials that I’ve done with some websites, almost […]