This tutorial shows you how to bypass the NodeJs authentication page with SQL injection in the MYSQLJS library (). the MYSQLJS library is a popular Node.js library that allows you to interact with MySQL database from your JavaScript code. It…
Apache Tomcat is an open-source implementation of the Java Servlet, JavaServer Pages, Java Expression Language, and WebSocket technologies. In this post, we will dive into the analysis of a vulnerability in the apache tomcat server 9.0.27. CVE – 2020-9484 Introduction…
This post will discuss PHP type juggling and how they lead to authentication bypass vulnerability. PHP type juggling has two main comparison modes, loos(==) and strict(===). loose comparison mode has a set of operand conversion rules to make it easier…
You should almost always upgrade your shell after taking control of an apache or www user. you may encounter limited shells that use bash and only allow you to execute a single command per session. you can overcome this by…
In this tutorial, we are going to learn how to upload a web shell using SQLmap. SQLmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. Find…