A week in security (September 12 – September 18)

Malwarebytes Labs -- Last week on Malwarebytes Labs, we looked at journalism’s role in cybersecurity on our Lock and Code podcast, gave tips for safer shopping on Amazon Prime Day, and discussed an APT attack springing into life as academia returned to the real and virtual campus environment. We also dug into potential FIFA 21 scams, …

Basic Fortigate Firewall Configuration

InfoSec Write-ups - Medium -- (Beginner's Guide, part 2) In the first part of our “Fortigate basic configuration guide”, we looked at administrator setup and interface configuration with a DHCP service running that will lease IP addresses to your clients, and finally we configured a firewall address object for a specific device on our subnet, my MacBook. We …

Breaking down — Command Injections

InfoSec Write-ups - Medium -- Command Injection, or OS Command Injection, is a remote code execution vulnerability in which an attacker is able to exploit unsanitized user input to run default OS commands on the server. Code Injection: allows the attacker to add their own code, which is then executed by the application. Command Injection: the attacker …

WebGoat SSRF 2 3

InfoSec Write-ups - Medium -- WebGoat SSRF lesson 2. After watching this mind-blowing talk about SSRF from Orange Tsai (https://medium.com/media/9d02af942d527d802d6ffec391efd2c0/href), let’s see what’s in this lesson. Tom, pretty straightforward: press the button and we get Tom. The lesson explicitly tells us to change the URL to “jerry”. Hidden page input: inspect the button with your browser dev tool, find the hidden input and change the URL from “tom” to “jerry”. And …

Simple I.P Logger in Python

InfoSec Write-ups - Medium -- Here I will briefly describe how I created my first Python tool for grabbing the IP address (IPv4) and detecting the OS (operating system) of users present on the same network. # Only for educational purposes; don’t perform any malicious action on a network which you do not own. Strict actions could be taken! Hola, pals. Tested on Python 3. Getting started: it’s a simple …