Sanduni Fernando: GetSimple CMS File Upload Vulnerability (Jun 24). By abusing the file upload functionality, a malicious authenticated user can upload a file, which results in arbitrary code execution.
Sanduni Fernando: HackTheBox — Sense writeup (Sep 12, 2022). This is the 3rd blog out of a series of blogs I will be publishing on retired HTB machines.
Sanduni Fernando: HackTheBox — Nibbles writeup (Sep 1, 2022). This is the 2nd blog out of a series of blogs I will be publishing on retired HTB machines.
Sanduni Fernando: HackTheBox - Bashed writeup (Aug 31, 2022). This is the first blog of the series of blogs I will be publishing on retired HTB machines.
Sanduni Fernando: Blind SQL injection with conditional errors (Aug 17, 2022). As we discussed in preceding Lab exercise, Blind SQL injection is a type of SQL injection attack that asks the database true or false…
Sanduni Fernando: Blind SQL injection with conditional responses (May 12, 2022). In many cases of SQL injection, the application does not return the results of the injected query to the user’s browser, nor does it return…
Sanduni Fernando: Examining the database in SQL injection attacks. (Apr 13, 2022). Your ultimate goal of attacking a web application is to extract interesting data from the database. To do that, you must gather some…
Sanduni Fernando: SQL injection UNION attack to retrieve multiple values within a single column (Mar 29, 2022). Consider a situation where the original query returns multiple columns from the target table. Instead of checking each column to determine…
Sanduni Fernando: SQL injection UNION attack to retrieve interesting data (Mar 22, 2022). Once you have identified the number of columns required in your injected query, and have found which column can hold string data, you are…
Sanduni Fernando: SQL injection UNION attack, finding a column containing text (Nov 20, 2021). Finding columns with a useful data type in an SQL injection UNION attack