Wondering what kind of attack this is? Go through the amazing writeup of this bug, discovered by Alex Birsan.
For an explanation in simple, everyday language, you can browse the link below.
BloodHound is an application used to visualize Active Directory environments. The front end is built on Electron and the back end is a Neo4j database. The data is pulled from a series of data collectors, also referred to as ingestors, which come in PowerShell and C# flavours.
1) Becoming successful is not about earning money; share your knowledge and become successful.
2) Never forget your roots, wherever you are.
3) A good person will not criticise or underestimate another person.
4) Don't strive only for your own success; help your friends too.
5) Don't run after money; you will not take a single penny when your time comes.
6) You should not boast about yourself; praise should come from others. If you do good deeds, your name will spread through word of mouth.
7) Last but not least, karma is a boomerang: whatever you give will come back, whether it's good or bad.
https://tryhackme.com/room/django (it's a free room)
First of all, understand the basics of how to add ALLOWED_HOSTS in settings.py, and read the whole introduction of this room to understand how the app works.
After you finish reading the introduction, creating a website and concluding, deploy the server.
This is the bug I found in some VDP program; they really don't have time to reply back, I guess, so posting the vulnerability details will be useful.
First, if you are taking on any target, keep in mind that you have to do content discovery; you can use tools…
Vulnerability Category: A7 - Cross-Site Scripting
Vulnerability Description: A Stored Cross-Site Scripting (XSS) vulnerability occurs when a web application sends stored strings that were provided by an attacker to a victim’s browser in such a way that the browser executes part of the string as code. The string contains malicious data…
Vulnerability Category: A3 - Sensitive Data Exposure
Vulnerability Description: When a user uploads an image to the application, the uploaded image's EXIF geolocation data is not stripped. …
Vulnerability Category: A6 - Security Misconfiguration
Vulnerability Description: The file paths can be revealed in the client-side source-code utilized by the application, as parameters passed within the application, or even as part of error messages. This information gives an attacker details about the operating system used by the server or developer…