Profile picture
, 4 tweets, 2 min read
My Authors
Read all threads
In a second order SQL injection, an application takes a user input from an HTTP request and stores it for future retrieval. It is two parts injection
#HTB #infosec #websecurity
An example of this would be a vulnerable application that has "sign up" page and "login page". The sign up page would be used to send POST requests to store data in the db in a form of SQL query and the login page would be used to send different POST requests to retrieve thedata
@LissanonCedric actually, no both requests are POST requests. That was a typo, I fix it . Thanks for bring it up 👍
@threadreaderapp unroll
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Nairuz Abulhul

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#HTB #infosec #websecurity

More from @NairuzAbulhul see all

Profile picture
Nairuz Abulhul
@NairuzAbulhul
Same Origin Policy is a web security concept that allows browsers to prevent loading scripts from different sources or reading cookies and session data remotely. It helps to prevent basic XSS and CSRF attacks #websecurity #infosec
An origin consists of a URI scheme://+host name + port number
Ex: example.com:8080
*If no port is given, it will be given the default port of the scheme. HTTP is 80 and HTTPS is 443
This policy allows browsers to load and read data from the scope of the same origin only
Ex: company.com as an origin can load scripts and read data only from pages that have the same origin as http:// company.com or company.com/dir/
Read 5 tweets

Related threads

Profile picture
Den Iuzvyk
@duzvik
🔥 Interesting research about The Dukes (aka APT29 and Cozy Bear) from ESET.
welivesecurity.com/2019/10/17/ope…

To save somebody time, it’s 40 pages. Some interesting info in the thread below
RegDuke: first stage implant (.net obfuscated via .NET Reactor)
Standard switch/case inside a loop workflow.
Persistence via WMI( WMI consumer named MicrosoftOfficeUpdates. It is launched every time a process named WINWORD.EXE is started )
- read encrypted file from hardcoded or in-registry path
- decrypt(PBKDF2) with hardcoded pathword and salt stored at registry
Read 12 tweets
Profile picture
Science of Salaat
@sosalaat
PPOPHET MUHAMMAD’S LAST SERMON

Prophet Muhammad (peace be upon him) delivered his last sermon (Khutbah) on the ninth of Dhul Hijjah (12th and last month of the Islamic year), 10 years after Hijrah (migration from Makkah to Madinah) in the Uranah Valley of mount Arafat.
His words were quite clear and concise and were directed to the ENTIRE HUMANITY .
After praising, and thanking Allah he said:

“O People, lend me an attentive ear, for I know not whether after this year, I shall ever be amongst you again.
Therefore listen to what I am saying to you very carefully and take these words to those who could not be present here today.
O people, just as you regard this month, this day, this city as Sacred, so regard the life and property of every Muslim as a sacred trust.
Read 15 tweets
Profile picture
getify
@getify
my timeline is full of tweets from two major camps in front-end dev right now...

one camp is vehement that we need even more doubling-down on JS frameworks for this whole "microfrontends" fad, and the other camp is insistent that this whole "SPA" thing is a regrettable fad.
My eyes hurt from rolling back in my head so far.

I think both camps are wrong, because they're both obsessed with making decisions based on what's most attractive to the devs building it.

Building the web for users is left out of the conversation.
Our industry is full of messages about how we do X or Y "for the user", but really, when you break these down, these are for devs first, with (at best) a second order benefit supposedly trickling down to the user.
Read 12 tweets
Profile picture
VikingSec
@Viking_Sec
[Big Announcement - Hack 0x04 Dance]

TL;DR I'm bringing back educational hacking streams, this week is a charity week benefiting my sister in law's non-profit which seeks to teach ballet to at-risk inner city girls, and I'm doing another 24 hour stream this Friday at 4PM CST.
Hey all! Last month I did a 24 hour charity live stream benefiting the @thirstproject clean water initiative. We raised over $1,100 in 24 hours for clean water in Africa and it... was... AMAZING.

This month, though, it's a bit more personal.
My sister in law has been teaching ballet to inner city, at-risk young girls for over a year. They are fantastic little dancers, but are performing in ripped tights and worn shoes, with no replacements handy. They're practicing out of churches that give them the free space,
Read 6 tweets
Profile picture
ACotonio
@ACotonio
#infosec moment:

1/ Met a gentleman this morning outside our agency building today. Enjoyed some small talk; turns out he just got picked up for a dream infosec job. His first actually. Had joined the USAF in aircraft maintenance, pushed himself to learn IT after hours.
2/ You could tell within the first 30 seconds how passionate he is about this field, and how his intelligence and drive would take him far. By 60 seconds, you could also see his self-doubt & tendencies towards Impostor Syndrome.
3/ Ended up spending nearly 30 minutes just mentoring. He had seen me around in cyber (new here myself), and heard my honestly undeserved nickname “MegaMind”. Turns out it wasn’t entirely a chance encounter.
Read 8 tweets

Trending hashtags

#infosec #Qu #infographics #white #Linux #opsec #Learn #disinfo #black #IndivisibleTimes #fakenews #Arab #Reference #stray #listen #walkaway #Perform #BugBounty #example #faith #Bukhari #threatintel #tools #Systems #MoscowMitch
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!