Wondering what is this kind of attack. Go through the amazing writeup of this bug discovered by Alex Birsan

And for your understanding in simple and common language you can browse the below link .


Hi Friends,

I am sharing my notes which I jotted down for my reference, excuse me if I made any mistakes and my english

BloodHound is an application used to visualize active directory environments. The front-end is built on electron and the back-end is a Neo4j database, the data leveraged is pulled from a series of data collectors also referred to as ingestors which come in PowerShell and C# flavours.

  • It identifies different attack…

Inside thoughts

1) Becoming successful is not earning money, share your knowledge and become successful.

2)Never forget you roots wherever you are

3) Good person will not criticise or never underestimate other person.

4)Don’t thrive only for your success also help your friends too.

5) Don’t run behind money, you will not take a single penny when your time comes.

6) You should not boast yourself, it should come from others. If you do good deeds then your name will go through Word-of-mouth.

6)Last but not least karma is boomerang, whatever you give it will come back whether its good or bad.

https://tryhackme.com/room/django it’s a free room

First of all understand the basics how to add ALLOWED_HOSTS in seetings.py and read all the introduction of this room to understand how the app works

After completion of reading the introduction , creating a website and concluding , now deploy the server

Connect to…

This is the bug I have found in some vdp program and they really don’t have time to reply back i guess so posting the vulnerability details will be useful.

First if you are taking any target keep in mind that you have to content discovery, you can use tools…

Vulnerability Category: A7- Cross-site Scripting

Vulnerability Description: A Stored Cross-Site Scripting (XSS) vulnerability occurs when a web application sends stored strings that were provided by an attacker to a victim’s browser in such a way that the browser executes part of the string as code. The string contains malicious data…

Vulnerability Category: A3-Sensitive Data Exposure

Vulnerability Description: When a user uploads an image to the application , the uploaded image’s EXIF Geolocation Data does not gets stripped. …

Vulnerability Category: A3- Sensitive Data exposure

Vulnerability Description: Sensitive data exposure vulnerabilities can occur when an application does not adequately protect sensitive information from being disclosed to attackers. …

Vulnerability Category: A6- Security Misconfiguration

Vulnerability Description: The file paths can be revealed in the client-side source-code utilized by the application, as parameters passed within the application, or even as part of error messages. This information gives an attacker details about the operating system used by the server or developer…

gayatri r

#infosec enthusiast, pentester

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store