Published inInfoSec Write-ups·Jan 13, 2021CRASH COURSE FOR FINDING SQL INJECTION IN WEB APPS: PART 1I agree manually finding SQL injection in web applications is difficult stuff and not easy to find. It often considered a P1 bug in bug bounty if the impact is high and also tops the OWASP top 10 as it comes in injection. This blog post will help anybody to…Hacking12 min readHacking12 min read
Jan 13, 2021CRASH COURSE FOR FINDING SQL INJECTION IN WEBAPPS:PART 2When performing an SQL injection UNION attack, there are two effective methods to determine how many columns are being returned from the original query. The first method involves injecting a series of ORDER BY clauses and incrementing the specified column index until an error occurs. …10 min read10 min read
Jan 13, 2021CRASH COURSE FOR FINDING SQL INJECTION IN WEBAPPS:PART 3BYPASSING THE FILTERS In some situations, an application that is vulnerable to SQL injection may implement various input filters that prevent you from exploiting the flaw without restrictions. For example, the application may remove or sanitize certain characters or may block common SQL keywords. …Infosec12 min readInfosec12 min read
Jan 13, 2021CRASH COURSE FOR FINDING SQL INJECTION IN WEBAPPS:PART 4BLIND SQL INJECTION VULNERABILITIES Now this part comes to so called advanced exploitation of sql injections.This is the most commonly seen in big corporations during bug bounty hunt by 1337 hunters around the world. Blind SQL injection arises when an application is vulnerable to SQL injection, but its HTTP responses…Infosec15 min readInfosec15 min read
Published inInfoSec Write-ups·Sep 20, 2020CVE-2020–24115Use of hardcoded credentials in source code leads to admin panel access — Link: https://nvd.nist.gov/vuln/detail/CVE-2020-24115 # Exploit Title: Online Book Store 1.0 — Use of Hard-coded Credentials in source code leads to admin panel access # Date: 2020–07–22 # Exploit Author: Mayur Parmar(th3cyb3rc0p) # Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/ # Software Link: https://github.com/projectworlds32/online-book-store-project-in-php/archive/master.zip # Version: 1.0 # Tested on Windows10 # CVE: CVE-2020–24115Cve3 min readCve3 min read
Published inInfoSec Write-ups·Aug 13, 2020TryHackMe: Bolt walkthrough by Mayur Parmar(th3cyb3rc0p)A hero is unleashed Room Link: https://tryhackme.com/room/boltCtf4 min readCtf4 min read
Published inInfoSec Write-ups·Aug 11, 2020TryHackMe: Gotta Catch’em All! Walkthrough by Mayur Parmar(th3cyb3rc0p)This room is based on the original Pokemon series. Can you obtain all the Pokemon in this room? — Room Link: https://tryhackme.com/room/pokemonCtf4 min readCtf4 min read
Published inInfoSec Write-ups·Jul 30, 2020TryHackMe:(MAL: Strings) Walkthrough by Mayur ParmarInvestigating “strings” within an application and why these values are important! Room link: https://tryhackme.com/room/malstrings Note: This room is for Premium Members Only. who purchased THM premium membership. Motivation: What you will learn after completing this Room: String analysis OSINT Static Analysis(Part of Malware Analysis) What are “strings”? > From a…Ctf6 min readCtf6 min read
Published inInfoSec Write-ups·Jul 29, 2020TryHackMe: OWASP Top 10(Day 2) Beginner friendly walkthroughWalkthrough [Day 2] Broken Authentication TryHackMe Room Link: https://tryhackme.com/room/owasptop10 [Day 2] Broken Authentication:Ctf3 min readCtf3 min read
Published inInfoSec Write-ups·Jul 16, 2020TryHackMe: OWASP Top 10(Day 1) Beginner friendly walkthroughWalkthrough [Day 1] Injection TryHackMe Room Link: https://tryhackme.com/room/owasptop10 Recently TryHackMe released ten days OWASP Top10 challenges where beginners will learn OWASP top 10 practically. Connect to the tryhackme network using OpenVPN using below link TryHackMe | Hacking Training TryHackMe is an online platform for learning and teaching cybersecurity, all through your browser.tryhackme.com.Ctf5 min readCtf5 min read
