So, I was involved in one of the projects where the client site and the admin panel/dashboard were hosted on different sites. Not like a lot of CRMs do or 90% of common sites (just in /admin or another URL location on the root client site), but literally on different domains.
To get access to the dashboard login page, a user should make a request to the client site (open to everyone) at a specific URL, where after a process with some questions/verification their IP gets added to a database. On the dashboard site a script runs that fetches the array of approved IPs and rebuilds the root .htaccess according to a template every x minutes. The final .htaccess file looks like this:
Order Deny,Allow
Deny from all
Allow from localhost
Allow from 127.0.0.1
Allow from ...
(list of approved IPs, one per line, goes here)
I want to do the same configuration in one of my apps and am working on that. Because the IP whitelist is located in the header of the root .htaccess file, there is no chance to load any file/subdirectory/URL from this domain; I will always get a 403 error.
As I understand it, all MySQL payloads will be dropped by the server before they even reach the PHP/MySQL application. The question that bothers me is: what kinds of attacks are still possible on this dashboard, with such an .htaccess configuration in the root, on the latest Apache 2.4? Maybe there are ways to bypass it, with some tricky headers or something like that?
From what I am thinking, only the following are possible:
- XSS attacks on the client site, in case data is not filtered and is printed in the dashboard.
- CSRF attacks on the dashboard if you know the whitelisted users and the application structure.
- Brute force and scanning of non-web ports like FTP, SSH, SMTP, etc., where requests won't be dropped because of the .htaccess whitelist.
What other possible attacks should be considered while I am working on security? (Including attacks on the client site that is somehow linked to or communicating with this dashboard.)
I was able to bypass an SSRF blacklist filter in a PHP server using DNS rebinding. However, when I tried the same for Java servers, I wasn’t able to do it. The reason is that in Java servers the JVM maintains a DNS cache which stays for 10 seconds.
Is there a way to bypass it? Any theoretical bypass at least?
some_admin_user ALL=/bin/find ALL, !/bin/bash
How to bypass the above /etc/sudoers rule? Please suggest.
“This application is not licensed. Please go to Google Play and uninstall the app then purchase”. How can hackers bypass this box?
There are 19 creatures in the Monster Manual that are resistant to necrotic damage. By comparison, only 4 are resistant to radiant damage. This makes playing a Warlock, a necromancer Wizard, or a cleric with the spell Spirit Guardians as an evil character unfair compared to other classes that can deal radiant damage.
Is there a way to bypass resistance/immunity to necrotic damage?
Why have they nerfed necrotic damage?
Catalina has some new security features, including the System Preferences > Security & Privacy features, which require apps to request access to specific computer functionality such as the camera, microphone, full disk access, input monitoring, etc.
Under what conditions could malware bypass such requirements to use those components without permission, and would it still be visible inside System Preferences > Security & Privacy, or would it be capable of hiding its presence?
I am new to the cyber security domain. I want to know what is the best method to bypass the Fortinet Firewall. I have tried using VPNs, but the firewall blocks them; VPNs don’t connect. I tried Tor, but it doesn’t connect either. What tool should I use? Also, this is my first question on this Stack Exchange, so if this is off topic or not posted with the proper requirements, then please guide me in the comments.
I was practising some labs to get better at XSS and SSRF. I found that sometimes I just encode characters once and the security filter is bypassed, and occasionally I have to encode them two times.
How does the filter work in the backend? Can someone explain with a scenario?
I’ve been trying to bypass an XSS filtering system,
but I failed to exploit it.
I’ve searched a lot but couldn’t find anything that works,
so I thought I should ask you guys.
I’ve entered all the characters I could find (on my keyboard).
here is the list:
And here is the result in HTML:
<span id="search-term"><>?/\;:'"!@$ %^&*()-_=+`~</span>
As you can see, only these characters are being escaped:
< > &
It looks kinda easy to exploit, but when you dig into it and actually try to exploit it you’ll find out that it’s not as easy as you think.
Any idea how to bypass this monster?
When I apply Magical Tinkering or an Infusion to a weapon, does the weapon count as magical to bypass resistance to non-magic weapons?
Magical Tinkering At 1st level, you learn how to invest a spark of magic into mundane objects. To use this ability, you must have tinker’s tools or other artisan’s tools in hand. You then touch a Tiny nonmagical object as an action […]
Infusing an Item Whenever you finish a long rest, you can touch a nonmagical object and imbue it with one of your artificer infusions, turning it into a magic item. […]