SEO spam and hidden links: how to protect your website and your reputation
Are you seeing your website traffic drop, and security systems blocking it for pornographic content that is not there? Hidden links, a type of SEO spam, could be the cause.
Hack The Box Success: Cat Machine Write-Up Published!
I’ve just published my personal write-up for the Cat machine on Hack The Box. In this challenge, I gained the user flag by exploiting a Stored XSS vulnerability to capture the admin session cookie, followed by an SQL Injection to extract credentials and gain SSH access. For the root flag, I took advantage of a vulnerable image processing script owned by root, crafting a payload to gain a root shell and retrieve the flag. The full write-up dives into each step, the logic behind the attacks, and key takeaways.
The post Hack The Box: Cat Machine Walkthrough – Medium Difficulty appeared first on Threatninja.net.
An unauthenticated SQL injection vulnerability in Halo ITSM could have been exploited to read, modify, or insert data.
The post Halo ITSM Vulnerability Exposed Organizations to Remote Hacking appeared first on SecurityWeek.
Researchers highlighted a serious security threat posed to airports and flight cockpits due to a…
Researchers Discover SQL Injection Issue That Can Bypass Airport Security on Latest Hacking News | Cyber Security News, Hacking Tools and Penetratio…
Interesting vulnerability:
…a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots and flight attendants to bypass security screening, even when flying on domestic personal trips.
The KCM process is fairly simple: the employee uses the dedicated lane and presents their KCM barcode or provides the TSA agent their employee number and airline. Various forms of ID need to be presented while the TSA agent’s laptop verifies the employment status with the airline. If successful, the employee can access the sterile area without any screening at all…
The two BIG-IP vulnerabilities (CVE-2023-46747, CVE-2023-46748) F5 Networks has recently released hotfixes for are being exploited by attackers in the wild, the company has confirmed. “It is important to note that not all exploited systems may sh…
In this post, I would like to share a walkthrough of the Intentions Machine from Hack the Box. This room will be considered a Hard machine on Hack the Box. What will you gain from the Intentions machine? For the user flag, you will need to abuse the SQL Injection of the second order which will […]
The post Hack The Box: Intentions Machine Walkthrough – Hard Difficulty appeared first on Threatninja.net.
In this post, I would like to share a walkthrough of the OnlyforYou Machine from Hack the Box. This room will be considered a medium machine on Hack the Box. What will you gain from the OnlyforYou machine? For the user flag, you will need to be able to read different files throughout an LFI Vulnerability that […]
The post HackTheBox: OnlyforYou Machine Walkthrough – Medium Difficulty appeared first on Threatninja.net.
In this post, I would like to share a walkthrough of the Socket Machine from Hack the Box. This room will be considered a medium machine on Hack the Box. What will you gain from the Socket machine? For the user flag, you will need to download the Windows Application which requires our attention especially when […]
The post Hack The Box: Socket Machine Walkthrough – Medium Difficulty appeared first on Threatninja.net.
SQL injection vulnerabilities in Gentoo Soko could lead to remote code execution (RCE) on impacted systems. SonarSource researchers discovered two SQL injection vulnerabilities in Gentoo Soko, collectively tracked as CVE-2023-28424 (CVSS score: 9.1) [1],[2], that can be exploited by a remote attacker to execute arbitrary code on vulnerable systems. “The two package search handlers, Search […]
The post Critical SQL Injection flaws in Gentoo Soko can lead to Remote Code Execution appeared first on Security Affairs.