Knowledge base: Hacking

In this section we share our knowledge about hacking.


What is path traversal?

Path traversal, also called directory traversal, is a vulnerability in which an attacker can request arbitrary files from a server by breaking out of the directory the application intended to serve files from.

What is a mass-assignment attack?

Mass assignment, sometimes also referred to as an over-posting attack, is an attack on (web) applications in which an attacker can arbitrarily set properties of an object that the application never intended to expose.

Blind SQL Injection

With blind SQL injection, an attacker can extract information from the database even though the application never directly shows the query results in its response.

What is Server-side request forgery (SSRF)?

Server-side request forgery (SSRF) is an attack in which the attacker makes the server issue a request it should not make. It holds place 10 in the OWASP Top 10.

CVE-2016-7941 – XSS in Netgear ProSAFE switches

A tale about the discovery of CVE-2016-7941, an XSS vulnerability in Netgear ProSAFE switches, which was discovered quite some time ago.

XXE: What is entity injection?

XML external entity (XXE) injection attacks can compromise applications and cause data leaks. This happens when the XML parser is configured insecurely.

Upgrade NetCat shell

By default, a Netcat shell is limited and prone to errors. With a few simple commands it can be upgraded to a fully interactive shell.

What is clickjacking?

Clickjacking, sometimes called "UI redressing", is a way of stealing a well-placed click from a victim. The goal of the attack is to trick a user into performing an action, without their consent, that benefits the attacker. Clickjacking is usually combined with social engineering and other security flaws.

The OWASP top 10

OWASP is an organization committed to a safer world. It periodically publishes a list of the 10 most common vulnerabilities in websites, the OWASP Top 10. This list gives you an idea of what CyberAnt pays attention to when we test your website.

The risk of .DS_Store

macOS creates a hidden file called .DS_Store in some cases. In this article, we explain what the risks are when this file accidentally ends up in the wrong place and how this can be prevented.