XSS Part 3: Exploitation

Posted on October 15th, 2015

In part 1 we introduced XSS, and part 2 we showed some TTPs for enumerating XSS, part 3 will be demonstrating how to take advantage of XSS.  XSS can lead to full control over an application or system because it provides the attacker the ability to run code in the victim’s browser. This code is […]

Never include() My Input

Posted on October 5th, 2015

This blog post will demonstrate a vulnerability enumerated on a recent penetration test that was missed by automated testing because it was unlinked from the application.  In a previous blog post we show how to enumerate unlinked content using several techniques.  In our experience, unlinked resources can be quite interesting because they are more likely […]

XSS Part 2: Enumeration

Posted on September 29th, 2015

Continuing on from Part 1 XSS: Intro, we will go over how we enumerate XSS.  The way we go about enumerating XSS is first to properly map the application and understand its inputs.  This is done via browsing/spidering, and unlinked content enumeration using various techniques. To browse and spider the application we use Burp suite […]

XSS Part 1: Introduction

Posted on September 16th, 2015

One of the most common flaws in web applications is  Cross Site Scripting (XSS).  All too often the risk with XSS is undermined, and ends up going to the bottom of the priority list because system owners do not fully understand the potential impact. This three (3) part blog post will hopefully change that thought […]

Through SSH All Things Are Possible

Posted on August 19th, 2015

Being able to route traffic through another system can prove very useful in many situations.  This blog post will demonstrate how to leverage SSH tunnels to send traffic through an SSH session.  Three common use cases for SSH tunnels are: Sending your scanner traffic through an SSH tunnel Connecting to another service via an SSH […]