Simple Flex/Bison C++

I already looked for my answer but I didn't get any quick response for a simple example. I want to compile a flex/bison scanner+parser using g++ just because I want to use C++ classes to create...

How to access devices on a client PC from a browser

What are the various ways to access devices on client PC - a barcode reader, a scanner, etc. - from a browser? I realize my users may need a plugin. These devices may have an API that is...

Scripts folder a vulnerability?

In my .NET web applications I usually have a Scripts folder that contains all of my JavaScript files - jQuery mostly these days, with the occasional JavaScript library of some sort or another. I'm...

Ruby/Metasploit NoMethodError undefined method `code'

Forgive me guys, new to Ruby, actually this is the first lang I have taken up, so be gentle with me ok? Writing a mod for Metasploit which will scan a system or net for 302/500 errors on the file...

what kind of vulnerably scan is this?

Some of the 404 error logs I see on my website are obviously caused by vulnerably scanners and in most cases, I can understand what it is scanning! (and it's mainly about sql-injection) However...

Ways to stop people from uploading GIFs with injections in them?

I have a PHP website where people can fill out help-tickets. It allows them to upload screenshots for their ticket. I allow gif, psd, bmp, jpg, png, tif to be uploaded. Upon receiving the...

Why is it necessary to validate data in a servlet obtained by calling HttpSession.getAttribute()?

I am new to WebApp programming and am trying to understand the security implications of not validating data obtained by calling the javax.servlet.http.HttpSession.getAttribute() interface method....

Fix for Unicode Transformation Issue/Vulnerability in ColdFusion

We upgraded our security scanner recently, and it's reporting a new issue. What's the recommended fix? (We happen to be on ACF9.) (Also, if you have an example exploit geared to CF, I'd appreciate...

What is the cost and the benefit of greatly restricting functions and classes with disable_functions and disable_classes?

I have performed some research and began building a complete list of PHP 5's builtin functions as documented on the project site. What is the performance cost of leveraging disable_functions...

Identifying Android rootkits

Currently involved in a University project and could use any help from members regarding rootkits designed for Android. I have little knowledge of Android malware and the project so far has got us...

How to add hash file to Exploit Scanner plugin for WordPress

While I have found the updated hash files to be added to WordPress, I have had a terrible time locating anything that gives specific direction as to where this file goes and exactly how to add it....

How can one prevent Apache executing the request line as a bash command?

I'm running several virtual hosts on Apache 2.2.22 and just noticed a rather alarming incident in the logs where a "security scanner" from Iceland was able to wget a file into a cgi-bin directory...

How to fix shell injection exploits in PHP?

We have someone exploiting our website and giving themselves funds to make purchases without actually depositing any money. When running a Vega scanner to look for vulnerabilities, it seems almost...

How do I get this guy's IP address in Node.js?

Some dude is running some exploit scanner on my server. I'm getting weird requests like: IP ADDRESS: ::ffff:127.0.0.1 www-0 (out): POST...

php malware, wordpress exploit, php virus

When i scanned a wordpress using exploit scanner plugin i got following result Image 1: Image 2: Image 3: Is there anything to worry? is that contain malicious code???? Also in the theame...

User input passed as a variable to subprocess.call

Im trying to pass a variable into another program that is being launched. I having issues with the variable working here is the code It all works up until the passing of RHOST, metasploit takes it...

includes/bootstrap.inc hacked/changed constantly

My hosting provider warned me that my bootstrap.inc file is connecting to an infected host. The issue is meant to be happening between 771 and 808 line of includes/bootstrap.inc file (code...

Getting error 500 because of .htaccess

I am new to .htaccess, but have to go this way to protect an image upload folder on a server. I was using the shown script following all the instructions upload works so far, but I am not able to...

How to prevent directory traversal attack in Apache2 Ubuntu 14?

As a system admin role I have to make secure website build in PHP. Vulnerabilities scanner gives directory traversal attack warning. I google it many websites but didn't found proper solution. I...

Wordpress unfamiliar code in root files

Recently one of the WP website files where deleted "CXS scanner " and detected all the files in root folder as index.php' Known exploit = [Fingerprint Match] [PHP COOKIE Exploit [P1036]] When I...

Trying to make a CLI tool in Java work

So this is my code: package ca.wax.main; import java.util.Arrays; import java.util.Scanner; public class Wax { static String commands[]; public static void main(String[]args){ ...

regex match any directory name in CXS

under CXS (ConfigServer eXploit Scanner) I can add directories to ignore during a virus scan on a cpanel server. my problem is that when a user has more than 1 website in his cpanel account the...

getting noMethodError while running exploit in metasploit

for my research I am using the following code in Metasploit: require 'msf/core' class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Rex::Socket::Tcp include...

Cross-site scripting (DOM-based) burp issues

In Burp Scanner Report, I got below issue The application may be vulnerable to DOM-based cross-site scripting. Data is read from location and passed to $() via the following statement: ...

Should I worry about Exploit:Java/Obfuscator.F detected by antivirus in TemenosSecurity.jar

Windows 10 Defender Antivirus and also Microsoft Safety Scanner deteted and quarantined a threat of category "Exploit" named "Exploit:Java/Obfuscator.F" in TemenosSecurity.jar file and several...

Insecure deserialization using Json.NET

A static security scanner has flagged my C# code on this line: var result = JsonConvert.DeserializeObject<dynamic>(response); response will contain a JSON response from a web API. The scanner has...

How do I import gems that have been downloaded when installing some software?

I am using Kali Linux, it has pre-installed a lot of software written in ruby (such as metasploit, beef), today I want to import a ssh gem when writing my own script, but I failed because it is...

Veracode CWE 89 help requested when attempting to load an excel file to a datatable in .net (web)

Veracode SAST scanner is tagging excel file imports with a CWE 89 (Sql Injection): Attack Vector: system_data_dll.System.Data.Common.DbDataAdapter.Fill Number of Modules Affected: 1 Description:...

Bypassing browsers URL encoding to do reflected XSS from query parameter

I did a penetration test and I found several xss vulnerabilities that was triggered in burpsuite or curl (Also in web application scanners) but when I tried to execute it in the browser, it was...

SpringBoot and Sanitizing @PathVariable

In our project we are currently using Fortify scanner to scan our code, and we have an interesting question. We are considering that something like @PathVariable (required = true) String id Is...