Bypassing WAF by Playing with Parameters

In this post, I’ll explain two similar techniques that can be used to bypass Web Application Firewalls (WAFs): HTTP Parameter Pollution (HPP) and HTTP Parameter Fragmentation (HPF). While HPP is a well-known technique, its detection among WAFs is strong too. HPF is a technique that I have...

A Not-So-Blind RCE with SQL Injection

Once again, I’m back with another story of an interesting finding. This time I’ll be explaining an SQL injection instance, but this one was a bit different. The application here is based on ASP.Net, uses MSSQL, supports stacked queries, and the DB user is also sysadmin. Everything looks nice and perfect...

Extracting Source Code from Pre-Compiled ASP.Net applications

In a recent assignment, I found a Path Traversal vulnerability in an ASP.Net based web application. Naturally, the first thing I went after was the web.config file. I extracted the DB credentials from the connection string, but the MSSQL port was not open. I also did some more post-exploitation enumeration. What I also...

A possibility of Account Takeover in Medium

There are times when you discover something that is very common and ordinary which just blows your mind and you start thinking, “How come I didn’t know this before!?”. I recently had that kind of a moment when I came to know that Twitter allows users to change their username....