What is GHDB (Google Hacking Database)?

The term Google hacking refers to an attack that uses a search engine like Google to find vulnerable web servers and websites. Google hacking is based on inventing specific search queries, often using advanced search operators (such as intitle, inurl, intext, filetype, and more), to locate badly configured…

Read more

Password Reset Vulnerability (Poisoning)

Most web application security vulnerabilities leverage user interaction in ways that were not initially intended by their developers. Password reset poisoning is one such vulnerability that leverages headers, such as the Host header in an HTTP request: GET https://example.com/reset.php?email=foo@bar.com HTTP/1.1 Host: evilhost.com Notice that the…

Read more

What Is Path Traversal?

Path Traversal or as it is otherwise known, Directory Traversal, refers to an attack through which an attacker may trick a web application into reading and subsequently divulging the contents of files outside of the document root directory of the application or the web server….

Read more

How To Prevent DOM-based Cross-site Scripting

DOM-based Cross-site Scripting (DOM XSS) is a particular type of a Cross-site Scripting vulnerability. It uses the Document Object Model (DOM), which is a standard way to represent HTML objects in a hierarchical manner. As with all other Cross-site Scripting (XSS) vulnerabilities, this type of…

Read more

How to Prevent Blind SQL Injections: The Basics

Blind SQL Injections are a subtype of SQL Injection vulnerabilities. Exploiting Blind SQL Injections is more difficult and more time consuming for the attacker but the consequences to web application security are similar. Successful exploitation of the database query language gives the attacker control over…

Read more

Secure Your Node.js .env Files

Node.js is an environment that helps you create server-side applications using JavaScript. One of the common Node.js elements that developers like and use are .env files. These files let you easily save and load environment variables. Developers often use them to store confidential information. However,…

Read more