In one of our previous posts, we noted that a popular tool – Responder – uses Basic Authentication prompts to harvest user credentials when they
Category: Web security
Exploiting Timed Based RCE
In a recent penetration testing project, we encountered a situation where, in order to prove exploitability and possible damage, we had to exfiltrate data from
Practical JSONP Injection
JSONP injection is a lesser-known but quite widespread and dangerous vulnerability that has surfaced in recent years due to the high rate of
Clickjacking in Firefox Hello
Clickjacking, the art of tricking users into clicking on links or buttons that no sane person would ever click on. But how much damage can you
Understanding PHP Object Injection
PHP Object Injection is not a very common vulnerability; it may be difficult to exploit, but it may also be really dangerous. In order to