Web application security testing

Testing for CVE-2018-11784 - Apache Struts 2 Open Redirect vulnerability

On Wednesday 3 October 2018 the Apache Software Foundation has released information about an Open Redirect vulnerability in Apache Struts 2. The vulnerability received identifier CVE-2018-11784.

This page explains how you can test if your web application is vulnerable to this issue.


Anatomy of the SQL injection in Drupal’s database comment filtering system SA-CORE-2015-003

In the Drupal security advisory that was released on August 19th, 2015 Drupal’s security team announced that it solved an SQL injection vulnerability in the Drupal database API.

The security advisory contained the following description of the SQL injection vulnerability:

A vulnerability was found in the SQL comment filtering system which could allow a user with elevated permissions to inject malicious code in SQL comments.


Solution for java.lang.ClassNotFoundException when loading your Burp Suite extention

When building your own Burp Suite extension, it can occur that compiling your code and creating the jar works find, but that you get the exception java.lang.ClassNotFoundException when loading your extention in Burp Suite. This article shows the solution to your problem.

The reason is suite simple: Burp Suite expects to find your implementation in a Java package called "burp". Having the line package burp; in your source files is not enough! You also have to take this into account when creating your jar file.


Creating and building Burp Suite extention using Java command-line tools

Burp Suite allows you to easily write your own plugins, to perform complex and highly customized tasks within Burp. PortSwigger (the developer behind Burp Suite) created a series of blog posts wherein he explains what can be done with Burp Extensions. In his first blog post about the subject (see Writing your first Burp Suite extension) PortSwigger explains how you can build your own extension using an IDE. Some of us prefer however to not use a heavy IDE, but to compile the jar from the command-line. This article show how to use the javac and the jar command to create your Burp extension from the command-line.


Backtrack 4 customization

This page is mainly a checklist for myself to know how I have to customize a freshly downloaded version of Backtrack 4.

Change keyboard layout

Use the following command to change the keyboard layout:

dpkg-reconfigure console-setup

Accept all default, except changing the origin to Belgium (if you want to use be-latin1).

Update all packages

apt-get update
apt-get upgrade

Configure SSH

You still have to generate your SSH keys



You might also be interested in...

Subscribe to RSS - Web application security testing