Server-side template injection (SSTI) vulnerabilities tend to be less researched than other types of flaws. However, their impact is significant and often leads to remote code execution (RCE). They are therefore flaws that should not be underestimated.
In what contexts do SSTI vulnerabilities occur? How to detect them and how to prevent them?
This is what we will see in this article.
An XXE (XML External Entities) is a vulnerability ranked in the Top 10 OWASP and affecting programs interpreting XML.
Its main characteristic is the ability to read files on the target server. It can thus endanger it, for example, by accessing a configuration file containing passwords, by copying database files or by retrieving the source code of an application.
The WebSocket protocol is a protocol of the application layer of the OSI model, which enables to communicate in full duplex (a communication canal where the information can circulate simultaneously in both directions) between a client (a browser) and a web server. In two words, it allows to create real-time web applications, like instant messaging chat.
Storing passwords securely is a recurring concern.
But what are the main methods, how do they work, and what are they worth against current password cracking techniques?
In this article we explain the main principles of secure storage (hash, salt, pepper, iteration) and highlight their importance for resisting password recovery methods. Finally, we will talk about a reliable hash function for secure storage.
A digital certificate is a data file that allow, on the one hand, the non-repudiation and the integrity of data, and on the other hand, to identify and to authenticate a person or an organization and also to encode communications.
A digital certificate includes several information, as:
This last point is crucial to verify the trustworthiness of a certificate. For this, when a certificate is received, a chain of trust is built to a certificate authority.
To explain the working of the chain of trust, let’s present some notions:
The Metasploit framework is an open source tool, allowing searching, analysing and exploiting vulnerabilities. It has many modules and tools that can be very useful during intrusion tests, whether on Web applications or on a company’s information system.
Although often used relatively basically, for example to launch a simple exploitation module on a target, this framework has options and tools that make it a key ally for a pentest. We will therefore see here how to use the Metasploit framework in an optimized way.
In this previous article, we have seen what a SSRF vulnerability is, and how, in general, it can be exploited. We had placed ourselves in a quite simple theoretical framework, but various elements (either due to the vulnerability itself or due to security implementations) can make the task more complicated.
In this article, we will have a look at various methods to go further. On
the agenda:
Now that we have introduced four main functionalities of Burp Suite in the previous article, we will go a bit further with some functionalities and extensions that can increase the quality of an audit and your efficacy.
Functionalities and screenshots presented in this article are from the version Professional 2.1.01.
Alternative to classic Bluetooth, Bluetooth Low Energy is chosen increasingly for the IoT. This technology, also known as the abbreviation BLE, is establishing itself for connected devices, as it is ideal to send small amounts of data between devices and to preserve the battery; which matches the IoT’s needs perfectly. Classic Bluetooth, on its side, is used to send large amounts of data between a device and a user (wireless headphones and speakers are using Bluetooth for example).
USB devices are so convenient. Whenever we need to store small amounts of data, we use a USB stick. Everyone owns one and we generally trust it to be safe. USB keys are one of the main ways to do industrial espionage, but attacks against random civilians and companies are also common.
The 2018 Honeywell report on USB threat to industrial operators analyzed a sample of 50 locations. Energy, chemical manufacturing, pulp & paper, oil & gas and other industrial facilities were concerned by the study. Among the locations targeted, 44% blocked a suspicious file originating from USB ports and 15% of the threats detected and blocked were high-profile threats, like Stuxnet, Wannacry and Mirai.