Penetration testing: stuck with injecting upload form

I have to do an assignment for a penetration testing exam but i’m a little bit stuck.

Among all the vulnerabilities i have to inject an upload form but it behaves weird, if i upload a file (even an image or similar) it does not do anything so i can’t tell if the file has been uploaded or not, there is no error message , anything useful.

I have a LFI vulnearbility so i can check files in /var/www/html and get the source but i can’t find anything useful, basically i have only .php frontend files :\

What vulnerability can i expect? or are there any tests that i can do?

This is the post request of burp-suite when i upload: https://imgur.com/a/Z7zeFoQ

Thank you 🙂

Responsive websites testing

Hi everyone ,

I'm a web developer, and I've often found myself wasting too much time checking if a responsive website displays properly on all screen sizes.

I feel we have lots of powerful and advanced applications to design and code websites, but there are very few tools to test and debug the behavior of responsive web pages.

I guess many of you have found themselves in my shoes before.

To overcome this problem and make our work easier, I've created slashB, an application that provides…

Responsive websites testing

OWASP Client-Side Testing – How To

In the OWASP Testing Guide, it has a whole section called “Client-Side Testing.” This section has to do with testing for things such as DOM-based XSS, JavaScript execution, HTML injection, Client-Side URL Redirect, etc. The examples in the testing guide for the first four vulnerabilities (the ones I just listed) all include code that access document.location.

My question is, what other ways are there for these kinds of vulnerabilities to be introduced into a web page without accessing document.location? In other words, if a page does not ever access document.location, is it definitely free from these vulnerabilities?

configuring output of testssl for testing ciphers

I’m writing a script in python to automate cipher check using testssl.sh tool. the output JSON presents

 {               "id"           : "service",               "ip"           : "ad4screen.com/130.211.7.4",               "port"         : "443",               "severity"     : "INFO",               "finding"      : "HTTP"           } ,         {               "id"           : "pre_128cipher",               "ip"           : "ad4screen.com/130.211.7.4",               "port"         : "443",               "severity"     : "INFO",               "finding"      : "No 128 cipher limit bug"           } ,         {               "id"           : "cipher-tls1_xc014",               "ip"           : "ad4screen.com/130.211.7.4",               "port"         : "443",               "severity"     : "INFO",               "finding"      : "TLS 1   xc014   ECDHE-RSA-AES256-SHA              ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"           } ,         {               "id"           : "cipher-tls1_x35",               "ip"           : "ad4screen.com/130.211.7.4",               "port"         : "443",               "severity"     : "INFO",               "finding"      : "TLS 1   x35     AES256-SHA                        RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA"           } 

the output json doesn’t really tell the severity, I also used Nmap with cipher NSE script but it doesn’t support JSON output. but it does rank cipher from A (Strong) to F (Weak) . is there a way in testSSL.sh to report in JSON cipher with their rank (weak,strong, etc) ?

the command

testssl.sh -E --severity LOW --jsonfile results ad4screen.com 

it does return empty json i guess because the websites has no cipher with severity equal to low or higher, or I’m wrong ?

TheBestIndexer Free Testing

Hello everyone, we are pleased to present TBI, The Best Indexer backlinks indexing site. We are currently in beta testing and during this time all our services are free!
We will ask those who take advantage of it to give us feedback that we can then post directly on the website : https://thebestindexer.com

For any questions or requests, please comment directly below.

Thank you all and good indexing !

Cobertura (Coverage Testing Tool) : Problem with executing .jar file and displaying the form?

I want to use cobertura for coverage testing. I followed the following link:

Cobertura Link

That link provides a EC-Cobertura.jar file through download. I think it creates a parameter for passing arguments to cobertura. I am trying to run EC-Cobertura.jar but its giving me error:

:~/cobertura$   ls -l EC-Cobertura.jar -rw-rw-r-- 1 zulfi zulfi 165174 Mar  8 17:53 EC-Cobertura.jar :~/cobertura$   java -jar EC-Cobertura.jar no main manifest attribute,in EC-Cobertura.jar 

Jar file error

:~/cobertura$   chmod a+rx EC-Cobertura.jar   :~/cobertura$    ./EC-Cobertura.jar   no main manifest attribute, in cobertura/EC-Cobertura.jar :~/cobertura$   

I have already downloaded the cobertura and its installed on my ubuntu 18.04.

:~$   whereis cobertura-instrument cobertura-instrument:  /usr/bin/cobertura-instrument  /usr/share/man/man1/cobertura-instrument.1.gz :~$   

And it has the same version as the tar file provides whose link is :

cobertura download link

provided in the link of the associated help button page:

:~$   cobertura-instrument -version   Cobertura 2.1.1 - GNU GPL License  (NO WARRANTY) - See COPYRIGHT file [INFO] Cobertura: Saved information  on 0 classes. [INFO] Cobertura: Saved information on 0 classes. :~$   

But the help file does not say anything about the jar file. I still don’t know how to execute the jar file and how to display the form shown on the link:

plugin link

Somebody please guide me how to display the form? What is the purpose of EC-Cobertura.jar in this connection.

Zulfi.

Primality testing algorithm

Say, I would like to check a hypothesis concerning primes. Something like “there exists a prime between $ n$ and $ 2n$ for every choice of $ n$ “. I would like to run a code in MATLAB for choices of $ n$ upto $ 2^{32}$ and then use that data and publish the conjecture in a journal.

The question is, what should I use to check primality. Obviously, AKS is an option but it is really really slow. I can use the in-built MATLAB function $ isprime()$ which I think uses $ 10$ instances of Miller-Rabin. This will be way faster but the journal might reject this saying that Miller Rabin is probabilistic and that I should instead use a deterministicalgorithm since one exists.

What should I do? Use AKS? Go with MATLAB’s inbuilt Miller-Rabin? Or look at other deterministic algorithms?

I don’t think this is the best place to ask this. However I could not find where else to ask. Any suggestions?