Bypass of Disabled System Functions

Category: Web Security Readings - Last Updated: Tue, 04 Dec 2018 - by Netsparker Security Team
Bypass of Disabled System Functions

In this article, our Security Researchers examine the explicit code of the disabled system functions bypass, including the parameters of the imap_oprn function, the IMAP server types and SSH connection, and the -oProxyCommand in the exploit. They conclude with some methods to protect yourself against this bypass method. Read More

How Private Data Can Be Stolen with a CSS Injection

Category: Web Security Readings - Last Updated: Wed, 25 Apr 2018 - by Netsparker Security Team

Can private data be stolen by employing a CSS Injection? Why are hackers so determined? This article explores Cyber and Information Security expert Mike Gualtieri's experiments with CSS Exfil and the use of CSS Attribute Selectors. It concludes with a few pointers on how to avoid this type of attack and the need for a Content Security Policy. Read More