"_Clever girl!_" - Robert Muldoon

Attacking the Attackers

The predator becomes the prey. When you scan with Metasploit Pro, your victim can counter with an XSS payload and even take over your machine. Never trust your victim!

UPDATE: our paper "Never Trust Your Victim: Weaponizing Vulnerabilities in Security Scanners" has been accepted at RAID 2020! Check out the full paper here.

Metasploit Pro - XSS to RCE

We see the targets of our scan as passive entities, and this leads to underestimating the risk of performing a network scan....

May 21, 2020

Debunking the mysql_real_escape_string myth

Are you sure that mysql_real_escape_string is enough to sanitize your input? (Spoiler: it's not)

From the PHP Manual:

    string mysqli_real_escape_string ( mysqli $link , string $escapestr )

    link: Procedural style only: A link identifier returned by mysqli_connect() or mysqli_init()
    escapestr: The string to be escaped. Characters encoded are NUL (0x00), \n, \r, \, ', ", and SUB (Ctrl-Z or 0x1A)

Despite what many believe, mysql_real_escape_string does not encode all MySQL special characters; it only encodes characters that may terminate a string....

June 23, 2016