Somdev Sangwan

About 3 days ago, I was recursively bruteforcing subdomains for a domain and I stumbled upon a domain that hosted an admin panel. I guess it was my lucky day because it didn’t require any authentication. It a web interface to monitor and control some sort of industrial machines. They might have thought that it’s well hidden and it needs to be accessed a million times a day by every other employee so they kept it open to keep off the hassle.

I thought I hit the jackpot but then I realised I could just monitor the systems, I needed credentials to make the machines do anything.

TL;DR Cybrary leaks usernames from multiple endpoints, has no restrictions on password strength, has xml-rpc enabled which makes it a good target for password spray attacks.

Simply put, XSS is an underrated vulnerability. Well, there are a couple of good reasons:

• It’s a client side vulnerability
• White hats just need that popup for POC (most of the times)
• Most of the blacks hats don’t know enough JS to make money out of XSS

Things were really simple when webpages were static. Write some text, add images, add links and serve it to your users.
Then JavaScript came into existence and it made webpages dynamic.

Hi there! This article is focused on whats important and I hope you have read my introductory article about SQL and SQL injection . So lets go!

As we know, data is stored in databases . A server can have many databases. Databases contain tables and tables contain data in the form of rows and columns .