Pinned | Tushar Suryawanshi | Remote command execution through file upload — RCE | Description: The application provides a functionality wherein a file from the server is read, processed and the result of the processing… | Aug 19, 2022
Pinned | Tushar Suryawanshi | Cross Site Tracing Attack — XST | XST could be used as a method to steal user’s cookies via Cross-site Scripting (XSS). | Jun 20, 2022
Tushar Suryawanshi | Thick-Client Penetration Testing | Understanding of Thick Client Penetration Introduction | Jul 24
Tushar Suryawanshi | Cross-Origin Resource Sharing (CORS) Vulnerability: Example and Prevention | Cross-Origin Resource Sharing (CORS) is a mechanism that allows web pages to access resources from domains other than the one that served… | Apr 14, 2023
Tushar Suryawanshi | SQLMap: A Comprehensive Guide to SQL Injection Testing | SQL injection is a common attack vector for hackers looking to steal sensitive data from vulnerable web applications. SQLMap is a popular… | Apr 14, 2023
Tushar Suryawanshi | Understanding Host Header Injection Attacks and How to Prevent Them | Web applications are an essential component of today’s internet, and as such, they are constantly under threat from a variety of attacks… | Apr 13, 2023
Tushar Suryawanshi | HTTP Request Smuggling: Understanding and Mitigating the Risks | HTTP request smuggling is a type of web application attack that involves exploiting vulnerabilities in how web servers handle and interpret… | Apr 13, 2023
Tushar Suryawanshi | Understanding HTTP Status Codes: What’s the Appropriate Code for Accessing Post-Logging Resources? | As a developer, one of the most important considerations when building web applications is how to handle various types of requests. One… | Apr 12, 2023
Tushar Suryawanshi | Set Multiple Paths in Cookies Attributes | HTTP cookies are used to store information about a user’s interaction with a web application. They are used to maintain user sessions… | Apr 10, 2023