Cryptocurrency Mining Scripts Harnessing your cpu memory via Browsers

Hidden MiningWebsites are increasingly using JavaScript-based cryptocurrency miners to monetize by levying the CPU power of their visitor’s PC to mine Bitcoin or other cryptocurrencies. Scenario then vs now: Websites using crypto-miner services could mine cryptocurrencies with your browser memory when you visit their site. Feasibility: Once you close the browser window, they lost access […]

Gain Root without Password- macOS Sierra

A critical vulnerability has been discovered in macOS High Sierra allowing any user to get root access on a mac system without any passwords. In order to perform this, you just need to type “root” into the username field, leave the password blank, and hit the Enter a few times ( two or more) and […]

Exploiting Browsers using PasteJacking and XSSJacking Vulnerability

Hi Readers, in the field of penetration testing, we all know attacks such as Clickjacking, Cross Site Scripting etc. These are attacks from most  OWASP Top 10 test cases. Today we will look into some advanced attack vectors which have been lately around sometime but not all are aware of. Pastejacking. The art of changing […]

Automating Web Apps Input fuzzing via Burp Macros

Hi Readers, This article is about Burp Suite Macros which helps us in automating efforts of manual input payload fuzzing. While it may be known to many testers, this article is written for those who are yet to harness the power of burp suite’s macro automation. In my penetration testing career so far, while performing […]

PageKit Open Source CMS Penetration Test

Overview Under the SecureLayer7’s Gratis Pentest Summer 2016, our consultant “Saurabh Banawar” have performed the 2 days penetration testing on the PageKit open source CMS application. Following vulnerabilities Saurabh have found during the penetration testing. Vertical/Horizontal Authentication Bypass or Password Reset Vulnerability (Critical)  – CVE-2017-5594 Server side information disclosure (Medium) Misconfiguration Improper use of .htaccess […]

Learn About Race Conditions Vulnerability

To learn about Race Conditions Vulnerability, let us start with an example – Imagine yourself in a bus, where all the seats are occupied and several people are standing. Now, the destination of one of the passengers seated has arrived. He gets down the bus leaving his seat vacant. You see that vacant seat and […]

Everything about the CSV Excel Macro Injection

CSV Excel Macro Injection, also known as Formula Injection or  CSV Injection, is an attack technique which we use in the day to day penetration testing of the application. CSV injection is a vulnerability which affects applications having the export spreadsheets functionality. These spreadsheets generate dynamically from invalidated or unfiltered user inputs. Modern web applications offer […]