Various interesting test cases to find out vulnerability in Uploading  a file

File uploading vulnerability where an application allows a user to upload a malicious file directly which is then executed.

Method1:Bypassing File uploading restrictions.

If the application is accepting only PDF files then follow the below steps,

Use HTML/nullbyte&(accepted)extension

Eg: meow.html is the file to want to upload then craft the filename to get accepted. ie meow.html%00.pdf and change Content-type: text/html……!!!!!! Bypassed and Uploads the file.

Method2: Image Pixel Attack leads to DOS

· Check for the profile pic or logo upload in the application

· Check for the file size in the upload function, if they're also still it is…


What is XSS(Cross Site Scripting)

XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users.

The Use of JavaScript in Cross-Site Scripting

JavaScript is a programming language which runs on web pages inside your browser.

While JavaScript is client side and does not run on the server, it can be used to interact with the server by performing background requests.

Attackers can use these background requests to add unwanted spam content to a web page without refreshing it, gather analytics about the client’s browser, or perform actions asynchronously.

How Do Cross-Site Scripting Attacks Work?

When…


open Url Re direct

URL Redirection is a vulnerability which allows an attacker to force users of your application to an untrusted external site. also known as “Unvalidated Redirects and Forwards”, Also redirection is a technique for shifting users to a different web page than the URL they requested.

An Open Redirection vulnerability is when the attackers can control to where a victim is redirected when using a web application, thus allowing them to redirect the victim to malicious websites controlled by the attackers.

When this vulnerability arises.

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection…


Server-Side Request Forgery, SSRF

Server-Side Request Forgery, SSRF for short, is a vulnerability class that describes the behaviour of a server making a request that’s under the attacker’s control. SSRF is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing.

In typical SSRF examples, the attacker might cause the server to make a connection back to itself, or to other web-based services within the organisations infrastructure, or to external third-party systems.

What are types of SSRF.

· Blind SSRF — occurs when you never get any information about a…


What is Application-Level DoS?

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.

What are types of DOS attacks?

· flooding services

· Rate limiting

· crashing services

· Distributed Denial of Service Attacks (DDoS) …

· Unintended Denial of Service Attacks.

Buffer overflow attacks, ICMP flood, SYN flood, volume based attacks, rate limiting based attacks — the most common DoS attack.

What is DDOS attack?

A DDoS attack…


Hi Guy`z I just wanted to share my hacking experience.

What is host Header attack?

The host header specifies which website or web application should process an incoming HTTP request. The web server uses the value of this header to dispatch the request to the specified website or web application.

What happens if we specify an invalid Host Header?

Most web servers are configured to pass the unrecognised host header to the first virtual host in the list. Therefore, it’s possible to send requests with arbitrary host headers to the first virtual host.

By using this attack, we can check…

Akash Venky

A white hat Hacker...!!!

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store