WEB

SQLi via xPath

November 25, 2022July 24, 2023

Exploiting error-based SQL injections via xPath functions. All began by adding a single quote, the most common SQL injection testing character. Server will responde with a visible unhandled error. You…

From YARA rule to XSS.

September 5, 2022January 12, 2023

Exploiting stored XSS via a YARA rule. This was a vulnerability that allowed from a YARA rule, inject stored XSS to hijack cookies or perform phishing. Also these YARAs give…