

In this writing you will learn about XPath injections and I will try to be as clear as possible.

What is an XPath injection?

XPath injection vulnerabilities arise when user-controllable data is incorporated into XPath queries in an unsafe manner. …


In this writing you will learn about XPath injections and I will try to be as clear as possible.

What is an XPath injection?

XPath injection vulnerabilities arise when user-controllable data is incorporated into XPath queries in an unsafe manner. …


On this occasion I would like to relate step by step another of the injections that I have liked the most.

It is a site that a colleague sent me so we could test it together!

The parameter where the attack is made is used to display a PDF document and…


On this occasion I would like to relate step by step another of the injections that I liked the most.

This is a site that came to me from a colleague to test together!

The parameter where the attack is made is used to display a PDF document and it…


What is dorking?

Google hacking, or dorking, is nothing more than a somewhat more specialized way of searching for things. The name “Google Hacking” can give the impression that it is only used on Google, but that is not correct. Dorking is nothing more than an advanced search where we…


sql injection | LaptrinhX

In this writing I will leave some tips for SQL injections, where I will try to explain only specific points.

First we will talk about how to find a vulnerable page thanks to Google hacking.

Dorks


sql injection | LaptrinhX

In this writing I will leave some tips for SQL injections, where I will try to explain only specific points.

First we will talk about how to find a vulnerable page thanks to Google hacking.

Dorks


In this writing I would like to show you a somewhat peculiar case that I came across while testing a website.

This is an SQL injection where I could bypass the “mod_security” WAF.
When I start the SQL injection test I realize that the website is using that WAF.

We…


In this writing I would like to show you a somewhat peculiar case that I came across while testing a website.

It is an SQL injection where I was able to bypass the “mod_security” WAF.

When I start the SQL injection testing I realize that the website is using that…

_Y000_

Hello, welcome to my Medium profile! I'm Y000! 😊 Who am I? 🤔 Well… I'm me, haha, I'm just someone passionate about computer security.
