DEV Community: FFFF:0000h

CORS: The Gatekeeper of Web Interactions

FFFF:0000h — Sun, 23 Jun 2024 04:03:11 +0000

Imagine you run a community library, and you want to ensure that only trusted members can borrow books. You have a list of people you trust, and you allow them to take books, but you don’t let just anyone walk in and grab a book. This is similar to how CORS (Cross-Origin Resource Sharing) works on the web.

What is CORS?

CORS is a security feature in web browsers that allows a website to request resources from another domain, but only if the other domain allows it. This is necessary because of the Same-Origin Policy (SOP), a security measure that restricts how a document or script loaded from one origin can interact with resources from another origin.

Same-Origin Policy

Think of SOP as a security guard who only lets people from the same neighborhood (or origin) interact. For example, if your website is hosted at example.com, it can freely interact with resources from example.com but cannot access resources from anotherdomain.com unless explicitly allowed.

How CORS Works

CORS uses HTTP headers to tell the browser whether or not to allow requests from different origins. For instance, if example.com wants to fetch data from api.example.com, the server at api.example.com can send back a header saying it’s okay (Access-Control-Allow-Origin: example.com).

Vulnerabilities in CORS Configurations

Just like leaving the library door open for anyone can lead to theft, misconfigurations in CORS can lead to security issues. Let’s explore some common vulnerabilities with real-world analogies and examples.

1. Reflecting the Origin Header

Imagine a scenario where the library decides to trust anyone who claims they’re a friend. If a malicious person says they’re from the neighborhood, they get access to the books. Similarly, some web servers reflect the Origin header they receive in the Access-Control-Allow-Origin response, effectively allowing any domain access to sensitive data.

Example: A request to vulnerable-website.com from malicious-website.com might look like this:

GET /sensitive-data HTTP/1.1
Host: vulnerable-website.com
Origin: https://malicious-website.com
Cookie: sessionid=...

If the server responds with:

HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://malicious-website.com
Access-Control-Allow-Credentials: true

Now, the malicious website can access sensitive data by tricking the server into trusting it.

2. Whitelisted Origin Mistakes

Let’s say the library has a whitelist of trusted members but accidentally includes some sketchy people. In CORS terms, this happens when the whitelist is too broad or misconfigured.

Example: A vulnerability in an e-commerce site may allow any subdomain ending in trusted-site.com to be whitelisted. An attacker can register attacker.trusted-site.com and gained access to the main site’s resources.

3. Exploiting XSS with CORS

Think of a trusted library member who’s actually a thief. If your site trusts another site that has security holes, attackers can exploit those holes.

Example: A subdomain of a site might have an XSS vulnerability. Attackers can use this to inject scripts that make CORS requests, stealing sensitive data from the main site.

How to Prevent CORS-Based Attacks

Here are some practical steps to secure your web applications against CORS-related vulnerabilities:

Strict Origin Checking:
- Always specify exact origins in Access-Control-Allow-Origin headers. Avoid using wildcards (*) or dynamically reflecting origins without validation.
Limit Trusted Origins:
- Only allow trusted sites. Maintain a strict whitelist and regularly review it.
Avoid null Origin:
- Do not use Access-Control-Allow-Origin: null unless absolutely necessary. null can be exploited by cross-origin redirects and sandboxed requests.
Secure Internal Networks:
- Avoid wildcards in internal networks. Ensure internal resources are protected and cannot be accessed by browsers visiting untrusted sites.
Server-Side Security:
- Remember, CORS is a browser security feature, not a substitute for server-side security. Implement strong authentication, session management, and data protection measures on your servers.

Real-World Example: Shopify (2019)

In 2019, Shopify had a misconfigured CORS policy that allowed any subdomain to access its main API. An attacker registered attacker.myshopify.com and exploited this misconfiguration to steal user data. Shopify quickly fixed the issue by tightening their CORS policy.

By understanding and properly configuring CORS, you can prevent your website from falling prey to similar vulnerabilities. Just like running a secure library, it’s about knowing who to trust and keeping a close eye on who gets access to your valuable resources.

Mischief Managed

Large Language Models: The Brains Behind Modern AI (like ChatGPT,Siri,Alexa,Cortana)

FFFF:0000h — Fri, 21 Jun 2024 04:02:00 +0000

I just learned something really fascinating about AI, and I think you'll find it cool too. It's all about Large Language Models, or LLMs. These are like super-smart robots that can have conversations with you, answer questions, and even help out with various tasks. Let me break it down for you.

What is a Large Language Model?

Okay, so imagine the predictive text feature on your phone—the thing that suggests the next word when you're typing a message. For example, if you type "Can you hack my boyfriend's," your phone might suggest "facebook" as the next word. It's pretty handy, right?, right?, right?, Now, imagine this feature on steroids. That's what a Large Language Model is like.

LLMs are trained on tons of text data (think of it like reading a huge library of books). They learn how language works by recognizing patterns and structures. This means they can predict and generate sentences that sound natural and make sense. When you talk to a virtual assistant like Siri or Alexa, you're actually using a prompt (a way to give the AI instructions) to communicate with an LLM, and it responds based on what it has learned.

Real-World Uses of LLMs

LLMs are used in so many cool ways:

Customer Service: Ever chatted with a company's virtual assistant for help? That's an LLM. During the 2020 pandemic, many companies used these chatbots to handle the surge in customer questions online.
Translation: Services like Google Translate use LLMs to instantly translate languages, making it easier for people from different parts of the world to understand each other.
SEO (Search Engine Optimization): LLMs help websites rank higher in search results by generating content that search engines love.
Sentiment Analysis: They can read and analyze comments or reviews to see if people are happy or upset, helping companies understand what people think about their products.

The Dark Side: LLM Attacks and Prompt Injection

But here’s the kicker—LLMs can be tricked or attacked. One common trick is called prompt injection. This is when someone sneaky, like me, a researcher (adjusts glasses slightly) writes specific prompts to make the LLM do something it shouldn’t. Let me give you an example to show you what I mean:

In a lab environment:

1, You ask the LLM what APIs it can access.
2, The LLM lists APIs including Password Reset, Newsletter Subscription, and Product Information (THIS SHOULDN'T BE ACCESSIBLE TO THE LLM!!!)
3, Considering the Newsletter Subscription API, you test it by subscribing with an email address tied to an exploit server.
4, You then use a command injection technique, $(whoami), which reveals the system's user.
5, Further exploiting this, you use $(rm /home/carlos/morale.txt) to delete a specific file, demonstrating unauthorized capabilities beyond intended usage.

Real-World Examples of LLM Vulnerabilities found

OpenAI GPT-3 (2021): Researchers found that by writing certain prompts, they could get GPT-3 to say things it wasn’t supposed to, like generating harmful or misleading information.
Microsoft Tay (2016): This was a chatbot that learned from people on Twitter. Unfortunately, people started teaching it bad things, and it quickly began to say offensive stuff. Microsoft had to shut it down within 24 hours.
Google Smart Compose (2018): This feature in Gmail suggests text as you type. Researchers found that by tweaking the email context, they could influence what Smart Compose suggested, leading to potential information leaks.
AI Dungeon (2020): This is a game that uses AI to create stories. Users found they could make it reveal personal information that was hidden in its training data. Not good!
Training Data Poisoning (2022): Researchers showed that by sneaking bad data into the training set, they could make the AI say specific harmful things. It's like teaching a parrot to say something rude on purpose.

Detecting and Fixing LLM Vulnerabilities

To keep these AI systems safe, we need to spot and fix their weak points. Here’s a simple way to think about it:

Identify Inputs: Figure out what info the AI is getting directly (like user questions) and indirectly (like the data it was trained on).
Check Data and APIs: See what data and tools the AI can use, because these could be abused.
Test for Weak Spots: Try to find and fix any security holes.

How LLMs Work with APIs

LLMs often use APIs (tools that let different software talk to each other) to do more complex tasks. Here’s how it typically works:

User Interaction: You send a message to the LLM.
Function Call Detection: The LLM realizes it needs to use an external tool and prepares the request.
API Interaction: The system makes the call using the LLM’s request.
Processing Response: The system processes the response from the API.
Follow-Up: The system tells the LLM what the API said.
Result Summary: The LLM tells you the final result.

While this makes the LLM very powerful, it also means it can access external tools without you knowing, which can be risky.

Keeping LLMs Safe

To protect LLMs from being exploited, here are some tips:

Treat APIs as Public: Assume anyone can use them. Use strong security measures, like passwords and permissions. Google Smart Compose had issues because it didn’t properly handle email contexts.
Avoid Sensitive Data: Don’t let LLMs access sensitive info. Microsoft Tay went rogue because it learned from unfiltered user input.
Regular Testing: Keep testing the AI to make sure it isn’t revealing any private info. The 2022 training data poisoning showed that bad data could make AI say harmful things.
Proper Integration: Make sure LLMs ignore misleading prompts hidden in emails or web pages.

Real-World Analogy (well it's a myth but it doesn't fit to say Mythical Analogy lol): The Trojan Horse

Think of LLM vulnerabilities like the story of the Trojan Horse. The Greeks gave the Trojans a giant wooden horse as a gift, but inside it were hidden soldiers. The Trojans brought it into their city, not knowing it was a trap. Similarly, LLMs can be tricked by seemingly harmless prompts or data that hide malicious intentions, leading to security breaches.

Conclusion

LLMs are amazing tools, but they come with risks. By learning from past incidents and understanding how these models work, we can better protect them. It’s like having a super-smart assistant that we need to keep safe from bad actors. As these technologies evolve, we need to keep improving our strategies to ensure they continue to help us in safe and effective ways. Isn’t that cool?

APIs are critical in ensuring Web Apps run smoothly.
Check out my article on API Testing: https://dev.to/adebiyiitunuayo/api-testing-a-journey-into-reconnaissance-and-vulnerability-identification-using-burpsuite-50o

API Testing: A Journey into Reconnaissance and Vulnerability Identification using BurpSuite

FFFF:0000h — Wed, 19 Jun 2024 03:19:13 +0000

Think of API testing as embarking on a thrilling adventure, where you explore uncharted territories to ensure the safety and reliability of your digital assets. This guide will take you through the exciting process of API testing, focusing on reconnaissance and vulnerability identification.

API Reconnaissance

Before diving into the depths of API testing, you need a solid map like this

static.wikia.nocookie.net

:) just kidding, not that COD Map, but with elements being somewhat similar; points, locations, e.t.c . This involves understanding the lay of the land, or in technical terms, the API's attack surface. Here’s your guide:

Identify API Endpoints:
- Endpoints are like landmarks on your journey. They are specific locations where APIs receive requests. For instance, imagine you’re visiting a library (the server) and you want to see a list of books. You’d head to the /api/books section.
- Another landmark could be /api/books/mystery, guiding you to a collection of mystery novels. Knowing these endpoints is like having a treasure map—it’s crucial for successful exploration.
Determine Interaction Methods:
- To interact with these landmarks, you need the right tools and instructions. Gather details on:
  - Input Data: Think of these as the keys to different doors, including both mandatory and optional parameters.
  - Supported Request Types: This is akin to knowing if a door requires a push, pull, or a keycard—whether it’s HTTP methods or media formats.
  - Rate Limits and Authentication Mechanisms: These are the rules of the land, ensuring you don’t overstay your welcome or enter without permission.

API Documentation

Imagine having a guidebook that explains everything about your journey. API documentation is that guidebook, and it comes in two forms:

Human-Readable: Like a travel guide with detailed explanations, examples, and usage scenarios.
Machine-Readable: Think of it as a GPS system that uses structured formats like JSON or XML for software automation.

Finding API Documentation:

Browsing Applications: Use tools like Burp Scanner to explore the API, similar to using a metal detector to find hidden treasures. Look for endpoints such as /api, /swagger/index.html, or /openapi.json.
Using Intruder: Deploy wordlists based on common API conventions, much like using a dictionary to decode an ancient language.

Using Machine-Readable Documentation:

Tools like Burp Scanner can audit OpenAPI documentation, while Postman and SoapUI can help test the documented endpoints, much like testing the integrity of discovered artifacts.

Identifying and Interacting with Endpoints

Manual Exploration:

Use Burp Repeater and Burp Intruder to interact with identified endpoints. This is like probing different areas of a cave to uncover additional chambers or passageways.

HTTP Methods:

Test various HTTP methods to uncover different functionalities:
- GET /api/tasks: Retrieves tasks, akin to finding a list of quests.
- POST /api/tasks: Creates a new task, like adding a new quest to your log.
- DELETE /api/tasks/1: Deletes a task, removing a quest from your log.
Use Burp Intruder to cycle through these methods, focusing on low-priority areas to avoid unintended consequences, like a careful explorer avoiding dangerous traps.

Content Types:

APIs often expect data in a specific format. Changing the Content-Type header can:
- Trigger errors revealing useful information, much like pressing the wrong button in an ancient temple might reveal hidden secrets.
- Bypass defenses or exploit logic differences, similar to finding a hidden passageway.
Use the Content type converter BApp to switch between formats like XML and JSON, akin to translating ancient texts.

Discovering Hidden Endpoints and Parameters

Using Intruder for Hidden Endpoints:

Test structures like /api/user/update with Burp Intruder, adding payloads at common positions. Utilize wordlists, much like a treasure hunter uses maps marked with potential dig sites.

Finding Hidden Parameters:

Use Burp Intruder and Param Miner BApp to uncover hidden parameters, and the Content Discovery Tool to find parameters not linked from visible content, like finding hidden switches in a secret room.

Testing for Vulnerabilities

Mass Assignment Vulnerabilities:

These occur when frameworks automatically bind request parameters to internal object fields. It’s like finding out that a hidden lever not only opens a secret door but also triggers a trap.

Testing Mass Assignment:

Send PATCH requests with parameters like {"username": "wiener", "email": "wiener@example.com", "isAdmin": false}. Check responses for unusual behavior, much like testing each step for hidden pressure plates.

Server-Side Parameter Pollution:

This vulnerability lets attackers manipulate server-side requests by injecting parameters into user inputs. It’s like inserting a false clue into a treasure map to mislead others.
- Query String Pollution: Test by inserting characters like #, &, and =, similar to testing different keys in a lock.
- Path Traversal: Test by adding path sequences like peter/../admin, akin to finding a hidden path through a maze.

Testing with Automated Tools

Burp Scanner and Backslash Powered Scanner:

Use Burp Scanner to detect suspicious input transformations, like using a metal detector to find hidden metal objects. The Backslash Powered Scanner BApp helps identify server-side injection vulnerabilities, much like using a spyglass to spot distant dangers.

Preventing Vulnerabilities

Design Considerations:

Protect Documentation: Keep it updated and secure, like safeguarding your treasure map.
Validate Inputs: Use allowlists and blocklists to control input parameters, akin to setting up a security perimeter around your treasure.
Error Handling: Use generic error messages to avoid revealing sensitive information, much like using decoy maps to mislead potential thieves.
Versioning: Apply security measures across all API versions, ensuring that every iteration of your treasure map is secure.

Preventing Mass Assignment:

Allowlist user-updatable properties and blocklist sensitive properties, preventing unintended parameter binding, like ensuring only trusted allies have access to the secret vault.

Real-World Examples of API Testing Vulnerabilities

Facebook Graph API - Access Token Exposure (2018)
- Incident: A vulnerability exposed access tokens of 50 million users.
- Consequences: Account takeover, access to private messages, posting updates.
- Lesson: Implement robust token management and regular audits.
Uber API - Personal Data Exposure (2016)
- Incident: Insufficient access controls exposed personal data of riders and drivers.
- Consequences: Risk of privacy breaches and data misuse.
- Lesson: Ensure strict access controls and regularly update security policies.
Twitter API - Direct Message Leak (2017)
- Incident: A vulnerability allowed unauthorized access to DMs.
- Consequences: Exposure of private conversations.
- Lesson: Thoroughly test permission systems and authorization checks.
Tesla API - Remote Control of Vehicles (2016)
- Incident: Researchers accessed and controlled vehicle features remotely.
- Consequences: Significant security risk, potential vehicle theft or manipulation.
- Lesson: Rigorous security testing for critical systems and secure authentication.
GitHub API - Repository Data Exposure (2020)
- Incident: Unauthorized access to private repository data due to improper token handling.
- Consequences: Exposure of sensitive code and intellectual property.
- Lesson: Use secure token handling methods and regularly rotate tokens.
Slack API - Bypassing Rate Limits (2019)
- Incident: A vulnerability allowed attackers to bypass rate limits and spam messages.
- Consequences: Denial-of-service attacks, disrupted services.
- Lesson: Implement and enforce rate limiting and monitor API usage patterns.
Google Cloud API - Sensitive Data Leak (2020)
- Incident: Misconfiguration exposed sensitive data of enterprise customers.
- Consequences: Exposure of sensitive business information.
- Lesson: Ensure proper configuration management and regular security audits.

Conclusion

Effective API testing is like embarking on an epic quest, requiring a thorough understanding of the API’s structure and behavior. By following these steps, you can identify and mitigate various vulnerabilities, ensuring the security and reliability of your digital treasure. Remember, continuous testing and updating security measures are key to safeguarding against emerging threats.

Mischief Managed.

Path Traversal: The Hidden Threat to Your Data

FFFF:0000h — Sat, 15 Jun 2024 14:31:07 +0000

Imagine you're at home, and your house is full of rooms with various doors, some leading to secure areas like your personal office or a safe room. Now, what if someone knew a trick to bypass the usual routes and access these rooms directly, stealing or tampering with your valuables, such as your 419-karat gold chain, expensive perfume, or even your vintage Kolo box. This is essentially what happens in a path traversal attack.

What is Path Traversal?

Path traversal, also known as directory traversal, is a type of vulnerability found in web applications. It allows attackers to access files and directories stored outside the web root folder, which they typically shouldn't be able to reach, that's for the chefs, a.k.a Backend Engineers. These files can contain sensitive information like application code, user data, credentials, and even system files, which can be exploited to gain further control over the server.

How Path Traversal Works

Say there's a web application, a sinister yahooyahoo online shopping store used to trade illegally, much like Darkmarket, with its name actually being yahooyahoo! Dumb I know, had to do with something about hiding in plain site by the admin who's now in jail :). The application loads an image using a URL like this:

<img src="/loadImage?filename=218.png">

In the backend, the server processes this request by appending the filename to a base directory:

/var/www/images/218.png

However, if there are no defenses against path traversal, an attacker; in this case EFCC, can manipulate the filename parameter to access other files on the server such as account info of the users. For instance, they might try:

https://yahooyahoo.com/loadImage?filename=../../../etc/passwd

This request instructs the server to load a file by stepping up three directory levels from the base path and then accessing the /etc/passwd file, a critical system file on Unix-like systems.

The server constructs the path like this:

/var/www/images/../../../etc/passwd

The ../ sequence moves up one directory level. So, the path resolves to:

/etc/passwd

The Power and Might of `../` Sequence

When you hear of Sequence in Web-Sec, just think of Navigation.

Think of ../ as a way to go up one level in a directory structure, like climbing a ladder to the floor above:

A single ../ takes you one level up.
../../ takes you two levels up.
../../../ takes you three levels up, and so on.

In a computer file system:

Starting at /home/user/documents/projects, ../ takes you to /home/user/documents.
../../ would take you to /home/user.
../../../ brings you to /home.

To better understand this:

Imagine you're in a large hotel, Hotel 3FCC. You start in room 419 (4th floor, 19th room). Using ../:

../ means stepping out into the hallway (up one level in directory terms).
../../ means taking the elevator down to the 3rd floor.
../../../ means going down to the 2nd floor.

Hotel Layout:

Hotel:
---------------------

                          (Floors)
                                |
                                |
    +---------------------------------------------+
    | 1st Floor  | 2nd Floor  | 3rd Floor | 4th Floor |
    |             |             |             |             |
    +-------------+-------------+-------------+-------------+
    |             | Room 219   |             | Room 419   |
    |             |             |             | (Your Room)|
    |             +-------------+             +-------------+
    |             | Room 220   |             | Room 420   |
    |             |             |             |             |
    +-------------+-------------+-------------+-------------+
    |             | Room 319   |             |             |
    |             |             |             |             |
    |             +-------------+             +-------------+
    |             | Room 320   |             |             |
    |             |             |             |             |
    +-------------+-------------+-------------+-------------+

Path Traversal Steps:

Initial Position: Room 419 on the 4th Floor
- Current Path: /home/user/documents/projects
- Hotel Analogy: You are in Room 419 on the 4th Floor

    +---------------------------------------------+
    | 1st Floor  | 2nd Floor  | 3rd Floor | 4th Floor |
    |             |             |             |             |
    +-------------+-------------+-------------+-------------+
    |             | Room 219   |             | Room 419   |
    |             |             |             | (You)      |
    |             +-------------+             +-------------+
    |             | Room 220   |             | Room 420   |
    |             |             |             |             |
    +-------------+-------------+-------------+-------------+
    |             | Room 319   |             |             |
    |             |             |             |             |
    |             +-------------+             +-------------+
    |             | Room 320   |             |             |
    |             |             |             |             |
    +-------------+-------------+-------------+-------------+

Step 1: Using ../ to move up one level to the hallway of the 4th floor
- New Path: /home/user/documents
- Hotel Analogy: Stepping out into the hallway of the 4th Floor

    +---------------------------------------------+
    | 1st Floor  | 2nd Floor  | 3rd Floor | 4th Floor |
    |             |             |             |             |
    +-------------+-------------+-------------+-------------+
    |             | Room 219   |             | (Hallway)  |
    |             |             |             |             |
    |             +-------------+             +-------------+
    |             | Room 220   |             | Room 419   |
    |             |             |             | (Empty)   |
    +-------------+-------------+-------------+-------------+
    |             | Room 319   |             |             |
    |             |             |             |             |
    |             +-------------+             +-------------+
    |             | Room 320   |             |             |
    |             |             |             |             |
    +-------------+-------------+-------------+-------------+

Step 2: Using ../../ to move up two levels to the 3rd Floor
- New Path: /home/user
- Hotel Analogy: Taking the elevator down to the 3rd Floor

    +---------------------------------------------+
    | 1st Floor  | 2nd Floor  | 3rd Floor | 4th Floor |
    |             |             |             |             |
    +-------------+-------------+-------------+-------------+
    |             | Room 219   | (You)       | (Hallway)  |
    |             |             |             |             |
    |             +-------------+             +-------------+
    |             | Room 220   | Room 319   | Room 419   |
    |             |             | (Empty)   | (Empty)   |
    +-------------+-------------+-------------+-------------+
    |             | Room 320   |             |             |
    |             |             |             |             |
    |             +-------------+             +-------------+
    |             |             |             |             |
    +-------------+-------------+-------------+-------------+

Step 3: Using ../../../ to move up three levels to the 2nd Floor
- New Path: /home
- Hotel Analogy: Taking the elevator down to the 2nd Floor

    +---------------------------------------------+
    | 1st Floor  | 2nd Floor  | 3rd Floor | 4th Floor |
    |             | (You)     | (Empty)   | (Hallway)  |
    +-------------+-------------+-------------+-------------+
    |             | Room 219   | Room 319   | Room 419   |
    |             |             | (Empty)   | (Empty)   |
    |             +-------------+             +-------------+
    |             | Room 220   | Room 320   | Room 420   |
    |             |             |             |             |
    +-------------+-------------+-------------+-------------+

Defenses and Bypasses

To prevent these attacks, many applications strip out directory traversal sequences from user input. But clever attackers often find ways to bypass these defenses. For instance, they might use an absolute path directly from the root:

filename=/etc/passwd

Or, they might use nested traversal sequences like ....//, which, after stripping, still leaves a valid traversal sequence:

https://yahooyahoo.com/loadImage?filename=....//etc/passwd

Here’s how nested sequences work:

User input: ....//etc/passwd
Application strips ../: The sequence ....// reverts to ../
Resulting path: /var/www/images/../etc/passwd
Final path resolves to: /etc/passwd

URL Encoding Tricks

Another trick involves URL encoding (I'll be writing an article on URL encoding soon), where characters like ../ are represented in encoded forms (%2e%2e%2f). For example:

filename=%2e%2e%2f%2e%2e%2fetc/passwd

This can trick the application into processing it as valid input.

Protecting Against Path Traversal

To defend against path traversal:

Avoid using user input in filesystem APIs whenever possible.
Validate user inputs rigorously:
- Use a whitelist of allowed values.
- Allow only specific characters (e.g., alphanumeric).
Canonicalize the path:
- Ensure the resolved path starts with the expected base directory.

Real-Life Examples of Path Traversal Attacks

1. Apache Struts CVE-2017-5638

In 2017, a critical vulnerability was discovered in Apache Struts, a popular open-source web application framework. The vulnerability (CVE-2017-5638) allowed attackers to exploit path traversal to read and execute arbitrary files on the server. This was part of the attack vector used in the massive Equifax data breach, which exposed personal information of over 147 million people. Attackers leveraged the vulnerability to execute remote code, gaining access to sensitive data.

2. Fortinet FortiOS Path Traversal (CVE-2018-13379)

In 2018, a path traversal vulnerability (CVE-2018-13379) was discovered in Fortinet's FortiOS SSL VPN web portal. The flaw allowed unauthenticated attackers to download system files via specially crafted HTTP resource requests. By exploiting this, attackers could access sensitive information such as password files and VPN session details, compromising the security of the entire network.

3. Magento eCommerce Platform

Magento, a popular eCommerce platform, has been subject to multiple path traversal vulnerabilities over the years. One such vulnerability allowed attackers to exploit the file upload mechanism to upload malicious files by bypassing directory restrictions. This could lead to remote code execution, enabling attackers to take over the web server and access sensitive customer information and payment data.

4. Nokia Store App

In 2012, a significant path traversal vulnerability was found in the Nokia Store app. The issue allowed attackers to download arbitrary files from the server. By manipulating the URL parameters, attackers could access restricted directories and sensitive files, potentially exposing user data and internal configurations.

5. Rubygems.org Path Traversal (CVE-2020-25613)

In 2020, a path traversal vulnerability was identified in Rubygems.org, the Ruby community’s gem hosting service. The vulnerability (CVE-2020-25613) allowed attackers to manipulate file paths and download arbitrary files from the server. This posed a significant risk as it could potentially expose sensitive configuration files and credentials stored on the server.

6. Cisco ASA Path Traversal Vulnerability (CVE-2018-0296)

Cisco's Adaptive Security Appliance (ASA) software was found to have a critical path traversal vulnerability (CVE-2018-0296) in 2018. This allowed unauthenticated attackers to send crafted HTTP requests to gain access to sensitive system files. Exploiting this flaw, attackers could obtain information about the device configuration, potentially aiding in further attacks against the network.

7. GitHub Enterprise Server Path Traversal (CVE-2020-10546)

In 2020, a path traversal vulnerability (CVE-2020-10546) was discovered in GitHub Enterprise Server. This vulnerability allowed attackers to access arbitrary files on the server by manipulating URL paths. Exploiting this, an attacker could gain access to sensitive information such as repository files and configuration data, posing a significant security risk to the affected enterprises.

8. WordPress Plugin Vulnerabilities

Many WordPress plugins have been found vulnerable to path traversal attacks. For instance, the popular plugin "Duplicate Page" had a path traversal vulnerability that allowed attackers to read arbitrary files from the server. Such vulnerabilities in widely used plugins pose significant risks as they can affect a large number of websites, potentially exposing sensitive data and enabling further attacks.

Final words

I'm not supposed to be writing an article telling you this (lol), but sometimes the most secure doors have hidden keys – and in the world of web security, path traversal is one key you definitely don't want falling into the wrong hands.

Path traversal vulnerabilities extend beyond what I have shown here but see this as a starting point, a good magician never reveals his secrets :).

Path traversal vulnerabilities are like hidden passages in a fortress, allowing attackers to slip through defenses and wreak havoc. By understanding how these attacks work and implementing defenses, we can better protect our digital fortresses from unauthorized access. Always validate and sanitize user inputs, and regularly, I mean regularly review your code and server configurations to close off any potential exploits.

Mischief Managed.

Resources: Portswigger (Web Security Academy), Wikipedia.

Node: cd myjourney03

FFFF:0000h — Fri, 27 May 2022 20:23:41 +0000

It's been a while I posted my learning progress due to health challenges and school. However I decided to resume learning Nodejs and posting my progress since things are good now.

So today was great, I learned about the NPM a.k.a Node Package Manager.

The npm is the package manager for the Node JavaScript platform. It puts modules in place so that node can find them, and manages dependency conflicts intelligently.

Now this seemed confusing at first to me. So I asked myself "what is a package". Now it meant something different to me from what I found out coming from a Java language background where a package is a group of similar type of classes.

So I hit up the Google website. Hey there's a website named npmjs, dedicated to the npm I was learning about which is it, NPM, the thing. I click on this site and run a few more clicks and found:

A package is a file or directory that is described by a package.json file.
A package is any of the following:
a) A folder containing a program described by a package.json file.
b) A gzipped tarball containing (a).
c) A URL that resolves to (b).
d) A <name>@<version> that is published on the registry with (c).
e) A <name>@<tag> that points to (d).
f) A <name> that has a latest tag satisfying (e).
g) A git url that, when cloned, results in (a).

💡 So I now understand that a package in Nodejs term is not a package in Java term and I shouldn't assume but instead confirm things.

I learned that NPM is broad as a concept and as a thing. Why?

Npm consists of three distinct components:

The website: Use the website to discover packages, set up profiles, and manage other aspects of your npm experience. For example, you can set up organizations to manage access to public or private packages.

The CLI (Command Line Interface) which runs from a terminal, and is how most developers interact with npm.

The registry which is a large public database of JavaScript software and the meta-information surrounding it.

💡 So when anyone mentions NPM, you're allowed to ask which part of NPM they are talking about and not just assume it to be the CLI because I'm always in the terminal for it.

So I'm working with the CLI component of NPM via Termux terminal. The npm was installed when I installed nodejs on my device in my terminal so no need for installing it separately.

Now there's a package in NPM (website) named "upper-case" used to convert strings to upper case.
That is: "hey" turns to "HEY".

So I search on the website for this package

Click on it to see what it's about

Heyy, it's on github
Think github, think Opensource.

How could I forget, Nodejs is Opensource itself and NPM too.

So I install this package on my CLI

Then I check what has been installed, the files and all, see a package.json file and other new files. node_modules, what is that, instinct?. I navigate into it. And find files again, navigate to the dist.es2015 folder instinctively too to find many files but the one file that caught my attention was a simple index.js file which I opened with a code editor and found interesting things.

So here's part of the codes in the index.js file

I understood that part of this code was setup so it could be imported or require_d and I can see an uppercase function which converts strings _javascriptically (lol).
Makes sense to me. I exit.

So now back to my server, time to use this package.
I include the upper-case package in my already set up server

var demo = require('upper-case');

And write a text using the upperCase() function seen earlier.
So the whole thing looks like

var http = require('http');
var demo = require('upper-case');
http.createServer(function (req, res) {
  res.writeHead(200, {'Content-Type': 'text/html'});
  res.write(demo.upperCase("Hello John!"));
  res.end();
}).listen(8080);

Then I run the server

I request via port 8080 and my server DISPLAYS the string argument in CAPITAL LETTERS. Amazing.

💡 So I don't have to stress writing a logic to do this anymore, I just install and download the upper-case package.
Imagine what other packages on NPM registry can do.
The power of packages.
Things learned: NPM, package, modules

Resource: Google, W3schools, Stackoverflow.

Day 4. Progress.

Node: cd myjourney02

FFFF:0000h — Tue, 17 May 2022 20:06:23 +0000

I learned about the file system module in Nodejs which allows Nodejs work with the file system on my computer (in my case, mobile storage) and makes Nodejs act as a file server.
What this basically means is that files (documents, videos, audios, etc) are stored on my computer (mobile) and this file system module allows Node access these files and serve them to client upon request (usually by the click of button).

In computing, file system or filesystem (often abbreviated to fs) is a method and data structure that the operating system uses to control how data is stored and retrieved. Without a file system, data placed in a storage medium would be one large body of data with no way to tell where one piece of data stopped and the next began, or where any piece of data was located when it was time to retrieve it

To enable this feature, just like the http and url modules, you include the file system module fs using the require() function and storing in variable.

var fs = require('fs');

So, I have two html files together with my server program in a folder named node as you can see below; facts and index.

And my server code

Looking at line 7, I noticed a dot wrapped in double quotes so I decided to find out why it's there and what it does, so I initiated my server and it crashed, a quick copy/paste of line 7 on Google brought up some interesting results.
The best I could take is that

The reason for the leading dot is that the logic of that example is to open a local file.
q.pathname will return something like /..., so adding a . in front of it, you'll get something like ./..., which identifies a file in the same directory where the node.js program is run.

Means that Nodejs as a file server needs the dot to recognise the path of file (e.g /index.html) as an entity (./index.html) within the same folder as my server program. It's best not to think of it in terms of relative or absolute path.

  var filename = "." + q.pathname;

Line 8 has a lot of things happening, notice the fs module with a method readFile() taking two arguments, well the fs or File System module allows in:

Creating files using methods appendFile(), open(), writeFile()
Reading files using method readFile()
Updating files using methods appendFile(), writeFile()
Deleting files using method unlink()
Renaming files using method rename()

CR²UD

What the code means is that, " read whatever filename requested by client on my computer (as server) and respond with it.
A function passed as an argument which contains the error parameter and data parameter for if the file was not requested properly or if it doesn't exist and if the file was requested properly or it exists respectively. 400 is a status code to describe an error.

  fs.readFile(filename, function(err, data) {
    if (err) {
      res.writeHead(404, {'Content-Type': 'text/html'});
      return res.end("404 Not Found");
    } 
    res.writeHead(200, {'Content-Type': 'text/html'});
    res.write(data);
    return res.end();
  });
})

So I run my server

I request the default server page on port 8080

Request a different path

Request the index.html file in same folder as my server program.

I request the facts.html file in same folder too.

Things learned

Combining the http,url and file system module to create a file server to serve files to client.
Modules

Resources: Google, W3Schools.com, Stackoverflow, Geeksforgeeks.org.

Nodejs: cd my-journey01

FFFF:0000h — Sat, 07 May 2022 22:31:33 +0000

Today I learned about built-in modules in Node.js such as the HTTP module and the URL module.

Anatomy of a nodejs server


var http = require('http');
var url = require('url');

http.createServer(function (req, res) {
  res.writeHead(200, {'Content-Type': 'text/html'});
  var qr = url.parse(req.url, true).query;
  var text = qr.year + " " + qr.month;
  res.end(txt);
}).listen(8080);

The require() function is used to include the HTTP module and is stored in the variable, http to be used.

var http = require('http');

The require() function is used to include the URL module and is stored in the variable, url to be used.

var url = require('url');

Now the HTTP module allows Nodejs to transfer data over the protocol using methods like createServer() and listen() method which allows Nodejs function as a Web server (an HTTP server)

Whereas the URL module allows Nodejs split query string into readable parts.

The http variable object which has the HTTP module stored in it has a method createServer which takes in a function parameter,and this function is called when anyone tries to access the port 8080. It's important to know that that the createServer actually listens to the server port incase there's any access and loads up the function passed in as an argument and sends response back to the client (the Web browser).

http.createServer(function (){
//Statements go here 
}).listen()

Analysing the content of the function parameter. I got to find out interesting things.

The function, which is a nameless function takes in two arguments req (request) and res (response).

P.O.V : Server.
The req argument which is an "http.IncomingMessage object (containers for named values)" represents the request from the client to the server.

The res argument which is an "http.outgoingmessage object" represents the response from the server to the client.
The res.writeHead function or the res object which contains a named value writeHead which is a function which is a method (because methods are functions that are in objects) and is used to write HTTP headers (HTTP headers let the client and the server pass additional information with an HTTP request or response.)
At this point I was glad I understood the concept of objects and methods and functions in JavaScript.

The writeHead() method takes in two arguments the status code which is 200 (meaning successful connection, sent by the server to the client) and the type of content to be sent to the client (web browser), in this case an html content type.
Remembering that the res is an object and objects are containers for named values, and objects are written in such manner:

object = { property:value }

I quickly spot that the 'Content-Type':'text/html' part is a member of an object but wait, it's within the writeHead function/method so it must belong to the writeHead, it all began to make sense, "a server is like a nest of objects, functions and objects", I said to myself.


function (req, res) {
  res.writeHead(200, {'Content-Type': 'text/html'});

Now below, there's the url.parse method which takes a url address (req.url) and parses it returning a url object with each part of the address, stored in the qr object variable. The second parameter true is called a parseQueryString and it is a boolean value. If it is set to true then the query property will be set to an object returned by the querystring module’s parse() method. If it's set to false then the query property on the returned URL object will be an unparsed, undecoded string. Its default value is false.
The .query at the end is so parts can be splitted when we query

var qr = url.parse(req.url, true).query;

Take for example when set to true

and

When set to false

So, we have a variable text which will take in the part of our url named year and month and prints them out as html text in our specified port because we have instructed our server to end the response (res.end) with it (text).

var text = qr.year + "" + qr.month;
res.end(txt);

Hence when we access, query year and month

We get the result as

This is basically how websites work when we want to access a content from n-month in n-year and if there's any data available, it displays or shows an error, sent from the server.

Things learned: A lot (lol), objects, functions, methods, modules, Nodejs, server, backend.

Cover-image: Author
Resources:W3Schools, Geeksforgeeks, Google.

The programmers experience

FFFF:0000h — Wed, 04 May 2022 14:33:58 +0000

"The realities and illusions of good learning.

As a programmer, you're exposed to a world of logic, a world of additions, subtractions, divisions of bits in their mulitiples. A world that requires you think.
In this framework as a newcomer, you may at some point in getting familiar come to a junction where there are two options, two great options that set your configuration pattern to be a model to how you'd learn things after 3 consecutive consistent decisions.

To learn just what is sufficient and necessary at that definite point or
Go down a world of the rabbits, where you scavenge about for good information, searching from page to page, article to article, tweets to quora's with words and buzzwords popping up at your every look, just to understand why a layer of computer exists and what is responsible for it.

It may seem that the former is efficient enough for any given task and should be done at all times but the latter has its end results tied to the general understanding of a programmer in any case, general understanding could mean:

"ohh this word seems familiar 'A11y' : checks google scrolls down, *sees 'Accessibility is long-hand for A11y with 11 words in between A and y'"

The rabbit hole is an endless depth of knowledge well. Time therein may seem slow, while on the outside fast. This is but an illusion, so I've come to learn and experience. The rabbit hole is that deep that makes you question "why is javascript written like this, why is var, let used like this, what is a scope, what does it mean by a programming language is fast?" and proffers a solution that makes you search just about every nook and cranny of Google, MDN, read just about any book written by Kyle Simpson and Mark Haverbeke, while checking out that Bucky's JavaScript tutorials, Caleb Curry's video on engines then knowing there's such a thing as V8, runtime, environment, bindings, non-blocking, asynchronous, prototypal, sentinels, assemblers (What is that?), machine code, history of computers just because of a want to know why var and let are different which sends you for a quick therapy at the ImpostorSyndrome hospital perpetually.

The rabbit hole must in no way be likened to a I place of "jumping about" learning about everything there is to learn on different subject matters, but a digging through as it's obvious rabbits do not hop to create holes.

The man who has studied about variables and operators for 12 months is the one I prefer to the man who knows all of JavaScript.

A true programmer seeks depth, a true -tian must seek depth."
- My-journal.txt

JavaScript and Logic.

FFFF:0000h — Tue, 03 May 2022 10:46:33 +0000

In logic, a statement (or a Proposition) is a meaningful declarative sentence that is either True (T) or False (F). Examples of logical statements include the following:

"You are reading this on dev.to" //True

"You reading this on Facebook" //False

In JavaScript:

The author of the "You don't know JS yet" series, Kyle Simpson tells us that

"In JavaScript, a statement might look as follows: a = b * 2;
The characters a and b are called variables which are like simple boxes you can store any of your stuff in. In programs, variables hold values to be used by the program. Think of them as symbolic placeholders for the values themselves. By contrast, the 2 is just a value itself, called a 'literal value', because it stands alone without being stored in a variable. The = and * characters are operators— they perform actions with the values and variables such as assignment and mathematic multiplication. Most statements in JavaScript conclude with a semicolon (;) at the end. The statement a = b * 2; tells the computer, roughly, to get the current value stored in the variable b, multiply that value by 2, then store the result back into another variable we call a.

Statements are made up of one or more expressions. An expression is any reference to a variable or value, or a set of variable(s) and value(s) combined with operators. For example: a = b * 2; This statement has four expressions in it: • 2 is a literal value expression. • b is a variable expression, which means to retrieve its current value. • b * 2 is an arithmetic expression, which means to do the multiplication. a = b * 2 is an assignment expression, which means to assign the result of the b * 2 expression to the variable a (more on assignments later). A general expression that stands alone is also called an expression statement, such as the following: b * 2; This flavor of expression statement is not very common or useful, as generally it wouldn’t have any effect on the running of the program —it would retrieve the value of b and multiply it by 2, but then wouldn’t do anything with that result."

Whereas author of the "Eloquent JavaScript", Marijn Haverbeke tells us :
"A fragment of code that produces a value is called an expression. Every value that is written literally (such as 22 or "psychoanalysis") is an expression. An expression between parentheses is also an expression, as is a binary operator applied to two expressions or a unary operator applied to one. This shows part of the beauty of a language-based interface. Expressions can contain other expressions in a way similar to how subsentences in human languages are nested—a subsentence can contain its own subsentences, and so on. This allows us to build expressions that describe arbitrarily complex computations. If an expression corresponds to a sentence fragment, a JavaScript statement corresponds to a full sentence. A program is a list of statements. The simplest kind of statement is an expression with a semicolon after it. This is a program:
1; !false; It is a useless program, though.

An expression can be content to just produce a value, which can then be used by the enclosing code. A statement stands on its own, so it amounts to something only if it affects the world. It could display something on the screen—that counts as changing the world—or it could change the internal state of the machine in a way that will affect the statements that come after it. These changes are called side effects. The statements in the previous example just produce the values 1 and true and then immediately throw them away. This leaves no impression on the world at all. When you run this program, nothing observable happens."

They both agree that:

(Statements > Expressions)

Statements are statements because they end with a semi-colon, definitely defying Logic, but looking at it deeply, you see that it definitely in a way still has logic, because 1; as a statement doesn't make "sense" but according to logic, it has to equate to true or false, JS does this by converting it to boolean in different cases to fulfill this part of logic (truthy, falsy comes in)

However JS does its best to fulfill this logic, there are cases where JS fails to do this and throws up an error.
E.g, b * 2;
This program throws an error when we try to log it on to the console that it "can't fulfill the logic of evaluating to true or false" as it fails to find the value of b variable expression assuming it was never set.

Looking at this, we see that JS and many other languages are still very much less sophisticated than the human brain in terms of reason as it requires a condition from programmer to make it reason and to make it reason requires lots of conditions underneath, the more reason it gains, the more conditions.

That's it. Reason. Not speed, durability, reliability, but reason.

Nodejs: cd my-journey00

FFFF:0000h — Mon, 02 May 2022 19:45:21 +0000

Last night I wrote my very first Nodejs program, server (they wouldn't let me call it program for buzzword sake) on port 8080 walking to the restroom on a 16gigabyte ROM, 1 thousand megabyte RAM inside the 9th version of the Android distro within the Termux CLI, ladies and gentlemen, ItelA56.

It does a pretty neat job. Last night was the first time I had any experience with backend, I must say the logic in it is fine, very fine. Prior to this, I had always dwelled on the frontend of the Web and only done anything Terminal related on a desktop OS and lightweight android compilers for other programming languages.

All these wouldn't had made sense to me if I read this to myself yesterday but it all makes sense now. Backend logic.

Today I learned about "Node Modules" and what they are, they are like JavaScript libraries (like the Math library with Objects and methods, like the react library used within the head of an html file) which can be imported and exported using a method, require() to call it.

Quick check: While searching for definition of a JS library even though I "knew" it I saw a blog post of skillcrush on the Google results display say: "JavaScript libraries are like pieces of furniture that add style and function to an already constructed house. Frameworks, on the other hand, are a template you use to build the house itself." And that makes sense in the comparison with the Math library and React library. They add to, so I don't have to "reinvent the wheel".

I also learned that a module is different from the Nodejs file, the node file as I've observed carries the listen method, listen(). Wait I missed one part. There's a module called "http" which is an inbuilt module that allows messages to be sent via HTTP (Hypertext Transfer Protocol) through a server that be included (require(d)) to the main nodejs file in order to be able to create a server, because it contains the createserver() method and listen() method.

To call use a module, the require method is required and storing that required module in a variable to used with methods.

var example = require('http');
//require(d) http module is stored in the variable, example.

Using this information, I created a nodejs file (edited the Hello, World! out) and a module file in the same folder and exported it to the main file using the "exports" keyword in the module code so as to enable it function "outside" within a server code. The module was a JS program to display the current date and time using the date() method.

This is logic and sheer programming, the backend.
This is the closest you can be to machine.

Things learned: Logic, Import, export, modules, Library, Framework, Nodejs, backend, server.

Resource used: W3Schools,
Skillcrush

Node (from the Latin word nodus, meaning to knot, an intersection, an edge, a point, a lump.) is a basic unit of a data structure. In graph theory, a graph is a way to describe many things which have relationships. The things are called nodes, the relationships connecting the nodes are called edges. Connecting edges, points, Node. Nodejs.

Day 1 of Problem solving, backend.

How to Create a SpringBoot App.

FFFF:0000h — Thu, 20 May 2021 18:12:51 +0000

This being my first post on here, forgive any error or lack of sophistication. :)

So, there are about 4 ways I KNOW by/in which you can create a SpringBoot Web App AUTOMATICALLY without having to write a single line of code for configuration, e.t.c.

Namely:

By installing extension(s) in VSCode(Virtual Studio Code)
By using start.spring.io's website, well your'e not creating the web app but the means to the web app.
By using the STS(Spring Tool Suite) App
By installing extension(s) in Intellij IDEA

Okay so allow me break this down. I have only used the first two ways/methods, the last two have been confirmed by "sight seeing" :). I can most assuredly tell you that all 4 ways/methods work perfectly fine.

I will only show you how in the order of the no-brainer to the somewhat more brainer :), which are actually easy but for emphasis sake.

You simply type into your browser "start.spring.io" without the (" ") just like that.
This page shows up;

VOILA!
You just go right ahead and give your project a name, and your dependencies, basically whatever suits you.

Since i'm talking about Creating a Web App, i'll be selecting two(2) dependecies,

not that it's a must to select TWO but i believe they are necessary/core to the Web app. As you can see, I've named my project name and selected Maven as the Build Automation Tool for my Java project.

Then you go right ahead by clicking the Generate button, then a zip file is automatically downloaded. As shown below;

that zip file is the key to our Web App, basically, that's our web app in a Zip file, YES i said it! :)

Now that's that on the usage of the start.spring.io site, you can go right ahead importing(after extracting the zip file ofcourse.) it over to your Java supported IDE(Eclipse, VScode, Intellij IDEA, just to name a few.) and start kicking.

Take a good look at the contents of your zip file, we'll be seeing same in the next method using VSCODE Extension download.

*VSCODE

Now, you have your VSCode installed, if you don't, download it via Visual Studio
So, you get things running, and you have this, as shown below;

You are just a few steps closer to your Web App, Congratulations!

You dive right in to your Extensions by clicking the Extensions tab(in the marked section) or using the Windows command CTRL+SHIFT+X, as shown below;

Then search for the Extensions; SpringBoot and Java(as it will be necessary for running the JAVA web app you want), you want to install the SpringBoot Extension Pack and the Java Extension Pack
As at the time of Writing this Post, I think i've seen something better(A combination of both extension packs and much more by Publisher Loaine Groner) to install instead of the the aformentioned, it is shown Below;

Once installed, you go right ahead by using the Command Palette by pressing the command; CTRL+SHIFT+P or simply by Pressing the F1 key on Windows only, then search for spring initialzr, as shown below;

Then click on the Create a Maven Project or whichever suits you, just like the start.spring.io's website we looked into just moments ago, but this is in the UI of VSCode.

Then your'e asked to select Maven version, e.t.c, pretty much all what you did in the first case of the site.

Here we select our dependencies, WEB and DEV Tools

Here we are asked to generate our Web App files into a location just like the one of the site but here, the difference is that, VScode's come extracted(prepared).

There you have it, your files are ready, everything's ready, just to click a few button's all.

After that, you should check your VSCODE and import the java project, or you open the folder in your VSCODE. You should be seeing something like this on the Side(Explorer)bar/section of your VSCODE;

Well, we are just but a handful of steps away, click on the Tree drop down of the src till you get to:

Now we are that point! Irrevocably committed to booting up our WEB APP!
Then We click run, you should see it in the code, or you just right click and run application.

Then you should see your SpringBoot web app coming to life as a Terminal will be displayed for you to see the fruit of your effort. Your BACK-END is Alive!

If you just about scroll down in your Terminal Bar, you'd notice your web app is running on Port 8080.

So, let's check that to be sure we really are live on our browser, go ahead and type localhost:8080

Voila!!
We are Up.

Although, you'll see a fallback error message, what this means is;
'Your'e seeing this because you haven't stated what you want to see'.

So, there you have it folks, that's how you create a SpringBoot Web App.

check out my Github for code
Github

I hope this helps someone.
Thank you.

DEV Community: FFFF:0000h

CORS: The Gatekeeper of Web Interactions

What is CORS?

Same-Origin Policy

How CORS Works

Vulnerabilities in CORS Configurations

1. Reflecting the Origin Header

2. Whitelisted Origin Mistakes

3. Exploiting XSS with CORS

How to Prevent CORS-Based Attacks

Real-World Example: Shopify (2019)

Large Language Models: The Brains Behind Modern AI (like ChatGPT,Siri,Alexa,Cortana)

What is a Large Language Model?

Real-World Uses of LLMs

The Dark Side: LLM Attacks and Prompt Injection

Real-World Examples of LLM Vulnerabilities found

Detecting and Fixing LLM Vulnerabilities

How LLMs Work with APIs

Keeping LLMs Safe

Real-World Analogy (well it's a myth but it doesn't fit to say Mythical Analogy lol): The Trojan Horse

Conclusion

API Testing: A Journey into Reconnaissance and Vulnerability Identification using BurpSuite

API Reconnaissance

API Documentation

Identifying and Interacting with Endpoints

Discovering Hidden Endpoints and Parameters

Testing for Vulnerabilities

Testing with Automated Tools

Preventing Vulnerabilities

Real-World Examples of API Testing Vulnerabilities

Conclusion

Path Traversal: The Hidden Threat to Your Data

What is Path Traversal?

How Path Traversal Works

The Power and Might of ../ Sequence

Hotel Layout:

Path Traversal Steps:

Defenses and Bypasses

URL Encoding Tricks

Protecting Against Path Traversal

Real-Life Examples of Path Traversal Attacks

1. Apache Struts CVE-2017-5638

2. Fortinet FortiOS Path Traversal (CVE-2018-13379)

3. Magento eCommerce Platform

4. Nokia Store App

5. Rubygems.org Path Traversal (CVE-2020-25613)

6. Cisco ASA Path Traversal Vulnerability (CVE-2018-0296)

7. GitHub Enterprise Server Path Traversal (CVE-2020-10546)

8. WordPress Plugin Vulnerabilities

Final words

Node: cd myjourney03

Node: cd myjourney02

CR²UD

Nodejs: cd my-journey01

Anatomy of a nodejs server

The programmers experience

JavaScript and Logic.

Nodejs: cd my-journey00

How to Create a SpringBoot App.

This being my first post on here, forgive any error or lack of sophistication. :)

I will only show you how in the order of the no-brainer to the somewhat more brainer :), which are actually easy but for emphasis sake.

Here we select our dependencies, WEB and DEV Tools

Here we are asked to generate our Web App files into a location just like the one of the site but here, the difference is that, VScode's come extracted(prepared).

The Power and Might of `../` Sequence