OS Command Injection is that the software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
This article describes that how did I find CVE-2019-11224 and three ways for bypassing “space” character while OS Command Injection.
In information security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory locations.
Return-to-libc is a method that defeats stack protection on linux systems.
This article will show you that how to attack C program by using buffer overflow and return to Libc method to pop a bash shell.
Recently, Apache released Apache httpd 2.4.26. And 2.4.26 fix a lot of issues. You can find the detail in this link. One of the issue is CVE-2017-7659. This article will discuss this issue and show the payload.
This article tell you how to reverse and inject your own code to Android Application. Therefore you can get sensitive information, Series Number or other information.