Posts

Showing posts from 2018

BugBounty:- Hidden field reflected XSS on WSO2 cloud server (Identity_server, api_manager, etc.)

A few days back I got a mail from my WSO2 Cloud Server account, so I tried to log in to my account, but I could not, because I had forgotten my cloud account password. So I tried to reset my account by using the recovery email method. While I was trying to reset my account through the recovery link, I noticed that the URL has a parameter which is reflected in the response, so I got the idea to check for an XSS vulnerability on that page. While I was trying to exploit the XSS vulnerability, I was able to find that "double quotes" escaped the filter. Then I tried several payloads which only contain "double quotes" and a JavaScript event handler. I could not get an XSS pop-up from that webpage, so I was confused, because my request payloads were reflected in the response without any changes, but the XSS did not succeed. Suddenly I noticed that the vulnerable parameter's input type is hidden; thus the JavaScript event handler is not going to execute, because JavaScript event handlers will be exe

OAuth 2.0 grant types

What is OAuth? It is a protocol that helps provide a user's resources to a third-party application with the user's authorization; it also allows the resource owner to customize the scope of the resources a third-party application gets. So it allows a resource to be given to a third-party client based on the user's authorization. If you need more information about this protocol you can read this: "Sample OAuth protocol base servers and client". There are 4 types of actors in this protocol: resource owner (user), third-party application, authorization server and resource server. We already discussed the OAuth flow and other important stuff in our previous posts, so in this post we are going to discuss OAuth grant types. OAuth has 5 grant types: authorization code grant type, implicit grant type, resource owner credential grant type, client credential grant type and refresh token grant type. However, we only consider up to four types of grant as the main grant types, because most of the systems don't use

Auth0 based login app

Figure 1: this client application is based on the OpenID Connect protocol, so it needs an identity provider to work. In my case, I chose Auth0 as my identity provider. If we want to use the Auth0 platform we have to create an account. Once you have created the account you will see an option called "New Application" on your dashboard; you can see the preview in figure 2. After clicking the "New Application" button you have to choose an application type; in my case, I chose the "Regular Application" option. Once you have completed the registration, you will be able to get the ClientID, ClientSecret and certificate from the settings. This certificate helps the client verify the OIDC signature. Figure 3 contains the ClientID and ClientSecret information and figure 4 contains information about the certificate. Figure 3 Figure 4 Now you have everything needed to create an OpenID Connect web application, so we have to develop an OIDC client application. Below im

The technology behind login with social media (OpenId connect)

We have to use several applications and websites for our day-to-day activities, but most of these applications only provide their service after we create a user account. So if we create accounts everywhere, we have to remember all of those account credentials. That is a hard thing; it is also a time-consuming activity. Hence the OpenID Connect protocol helps us sort out this problem: it allows us to use the social login feature, which means we can log in to a platform by using another well-known platform. What is OpenID Connect (OIDC)? It is a protocol which came from the OAuth protocol family. Some people have questions like "this protocol is almost similar to OAuth, so why do we need this?" Because OAuth only focuses on authorization, but OIDC also focuses on authentication. It means OAuth shares resources with anyone who has the resource access token; it is not going to check who is receiving the resource. But OIDC will check if the resource will be received by th

Install Android Studio on Parrot OS

Parrot OS is based on a Linux environment, so we have to download the Linux version of Android Studio. If you want the Linux version of Android Studio just click here. After the download is completed you will get the zip file of Android Studio, so you need to unzip it first. Then you can see several files within the unzipped folder; figure 1 shows the sample output. Figure 1 Then go to the bin folder which is stored in the unzipped folder. After opening the bin folder, you can see the studio.sh shell script. If you execute that, Android Studio will run on your PC. Note: you have to give execute permission on studio.sh to the current user before you execute the studio.sh script (sudo chmod u+x studio.sh). Figure 2 But doing it like this every time is annoying, so now we are going to set up a terminal command that helps us access Android Studio from the terminal. Move your unzipped folder from Downloads to "/root". Then go to "/usr

Sql Ninja Death row SQL injection (http://leettime.net/sqlninja.com)

What is death row SQL injection? Normally a table has many rows, so if we execute the usual SQL query ("select * from table") we get all the records from that table. If a website has a SQL injection vulnerability, an attacker also gets all the records from the database. A clever programmer uses the LIMIT keyword to hide unwanted rows from an attacker. Let's assume the programmer uses LIMIT 1 in his query; then the attacker can see only 1 row of output at a time. Hence it reduces the impact of the attack. So we call the hidden rows "death row". Death row SQL injection challenges from http://leettime.net/sqlninja.com. Challenge 1: if we put a single quote at the end of the URL we will get an error; the image below shows that. When we try to exploit a SQL injection attack, our first step should be to fix the query. If we use "-- -" at the end of the URL, we can fix the query. Then we have to find the number of columns in the respective table by using the "ORDER BY" command. i

SQL NINJA CTF SOLUTIONS FOR BASIC INJECTION CATEGORY

This CTF is based on SQL injection. If we want to exploit SQL injection we have to follow a rule: we must balance the query. If we successfully balance the query we can easily exploit the SQL injection. Challenge 1 When I put a single quote at the end of the URL I get the output below. From the output, we can say this output is a SQL error. The actual error is that this one has an extra single quote ( ''1''' ). So we have to balance it. If we want to balance this we must add OR'1'='1 at the end of the URL. After attaching it, the query will be modified like this: a'or'1'='1 '. The last quote will be added by the system. Challenge 2 In this challenge, if we put a single quote we get the error below. Our input goes directly within double quotes, so this query does not need any special character for query-balancing purposes; hence we can directly insert our malicious(

SQL INJECTION UNION BASED (BEGINNER LEVEL)

SQL injection is a kind of code injection; we can compromise a victim database by exploiting SQL injection. How to find a SQL injection vulnerability on a website? There are lots of tools on the internet, and we can also use Google dorks to find SQL injection vulnerabilities. Google dork examples: inurl:php?id= (this is a common search); inurl:php?id= facebook (this targets a specific domain or related thing). NOTE: THIS SEARCH RESULT IS NOT 100% ACCURATE. How to check for the SQL injection vulnerability? Just put a single quote in the targeted URL. After putting a single quote in the URL, if you get a SQL-related error on your victim website, then you can confirm your assumption. The image below shows an error message. How to exploit? First, we have to find the total number of columns in the vulnerable table, so I used the ORDER BY statement at the end of the URL. NOTE: I ALREADY KNOW THE ACTUAL NUMBER OF COLUMNS, THAT'S WHY I USED 5 HERE. IF YOU USE AN INVALID COLUMN NUMBER YOU WILL G