0P3N Blog

Cybrary’s Open Blog is a user contributed cyber security knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Xpath Injection (Final)

By: Multi Thinker
July 8, 2015
Testing and confirming Xpathi Testing for Xpath and confirming are the most important parts. Most of us, and specially the readers of securityidiots, see SQLi everywhere and anywhere they find an error - even if the error is a Conversional Error, Internal Error or Programming Error. Sometimes, people assume that getting blocked by WAF upon ...

XPath Injection (Part 2)

By: Multi Thinker
July 8, 2015
The XML Example Document We'll use the following XML document in the examples below. <?xml version="1.0" encoding="UTF-8"?><bookstore><book> <title lang="eng">Harry Potter</title> <price>76.99</price></book><book> <title lang="eng">Learning XML</title> <price>22.95</price></book><book> <title lang="eng">Learning XPATH</title> <price>30.20</price></book><book> <title lang="eng">Learning Secrets of Injections</title> <price>50.99</price></book><book> <title lang="eng">Learning Programming</title> <price>53.45</price></book></bookstore>   Selecting NodesXPath uses path expressions ...

Evil Twin Attack Using Kali Linux

By: ^Graff
July 7, 2015
Evil Twin Attack using Kali Linux By Matthew Cranford I searched through many guides, and none of them really gave good description of how to do this. There's a lot of software out there (such as SEToolkit, which can automate this for you), but I decided to write my own. The scope of this ...
I hope this helps others; I find this helpful and useful for my accounts.My technique of using strong and different passwords for any accounts is done through the use of the message digest or hash value. The calculated hash value of a certain word or file is what I used as my password.A strong password must include the following: ...
Are you familiar with the process of a virtual machine's OS separating from its parent's hypervisor, which is known as VMEscape? Are you familiar with the key vulnerabilities that exist within the VMEscape process? Here is how you mitigate security risks in VMEscape: Keep virtual machine software patched. Install only the resource-sharing features that ...
Hi Team,Here's something interesting about Android phone security. You can protect your phone as well safely store information inside the phone. It's possible this information won't be new for all, but trust me, if you don't know this, it could be very beneficial.If your phone has been lost or stolen, you can: Lock your phone. ...
Recently in my internship, I was posed with a significant problem. One of the PCs at the company where I work was hit with a new kind of malware that got past all of our threat detection software. A user complained that our threat detection software was blocking every application like IE and Word, which the individual ...
Social Engineering Overview | Mind Attacks What is social engineering ? According to Wiki: "In the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from ...

XPath Injection (Part 1)

By: Multi Thinker
July 1, 2015
XPath is used to create queries which allow users to manipulate data inside a XML document. In this tutorial, we'll start with the basics of XPath queries to understand them better. Later on, we'll move onto the injecting part. Below is a little introduction to XPath from the w3school to understand the terminology used ...
This information might already be in the forums or quickly retrieved via searching online. Yet, after a few minutes of not finding a link, a how-to, etc online, I decided to attempt to update Burp Suite in Kali on my own.When I opened the application today, it prompted to download a new version. I ran software updates and ...