Skip to main content

Posts

How to Approach Web Application Vulnerability Assessment using Burp Community | Part - 2 | Audit Guidelines | High Impact Web Vulnerability

The blog [Part-2] basically covers how to check the web application vulnerability with Burp Community Edition. This blog will be very helpful while performing the web application security assessment( VAPT) manually. In this part of the blog, we will cover a few vulnerabilities with High impact severity. So here is the blog.

How to Approach Web Application Vulnerability Assessment using Burp Community | Part - 1 | Audit Guidelines | High Impact Web Vulnerability

The blog basically covers how to check to web application vulnerability with Burp Community Edition. This blog will be very helpful while performing the web application security assessment manually. In this part of the blog, we will cover a few vulnerabilities with High impact severity. So here is the blog.

Text Based Injection | Content Spoofing | Low Impact Common Web Vulnerability

Text Based Injection: Text injection or Text-Based Injection(TBI) is an injection in which user input is reflected as it is in the application response as plaintext. This is one of the ways to perform content spoofing also referred to as content injection or virtual defacement which can be used in phishing attacks.

An application is vulnerable to Text injection when it does not properly handle user-supplied data, an attacker can supply content to a web application, typically via a parameter value, or from the URL only that is reflected back to the user. The user will be presented with a modified page under the context of the trusted domain.

Microsoft Bot Framework - Unvalidated File Upload | Online Service Acknowledgements | Rishu Ranjan

Microsoft Bot Unvalidated File Upload: The security issue allows a malicious actor to upload any file without validating the extension or content type of the file.
Acknowledgment: Microsoft Online Service Acknowledgements for July 2019 (https://portal.msrc.microsoft.com/en-us/security-guidance/researcher-acknowledgments-online-services?rtc=1)


Google Blogger- Insecure Implementation of Request Limiter | Google Honourable Mentions | Rishu Ranjan

The security issue allows a malicious actor to bypass the naive security implementation of rate limiters. This allows an attacker to abuse the functionality of profile view count and increases them indefinitely. The following are the steps to reproduce wherein I have used my own blogger account (https://www.blogger.com/profile/09844396241453600561)