ivyhan-se / mini-tribble


injection #2

Open ivyhan-se opened 2 years ago

ivyhan-se commented 2 years ago

command injection

secure-code-warrior-for-github[bot] commented 2 years ago

Micro-Learning Topic: OS command injection (Detected by phrase)

Matched on "command injection"

What is this? (2min video)

In many situations, applications will rely on OS provided functions, scripts, macros and utilities instead of reimplementing them in code. While functions would typically be accessed through a native interface library, the remaining three OS provided features will normally be invoked via the command line or launched as a process. If unsafe inputs are used to construct commands or arguments, it may allow arbitrary OS operations to be performed that can compromise the server.

Try this challenge in Secure Code Warrior
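The bot's description above, as an added example that is not code from the mini-tribble repository. The constructed `run_echo_unsafe` builds a shell command line from user input and hands it to `/bin/sh` (`shell=True`), so a `;` in the input starts a second command; `run_echo_safe` passes the same input as a single argv element, so the shell never parses it. `ping_argv` shows the other half of the fix for a realistic case: allow-list the value (here, a hostname) before it becomes an argument at all. The hostname regex and the function names are assumptions for this example.

```python
import re
import subprocess

# Assumed allow-list for a hostname (RFC 1123 labels, dotted). Anything
# containing shell metacharacters, spaces or a leading '-' fails this check.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def run_echo_unsafe(user_input: str) -> str:
    """VULNERABLE: user input is spliced into a command line that /bin/sh parses.

    Any shell metacharacter (; | & $() ` >) in user_input changes what runs.
    """
    cmd = f"echo {user_input}"  # string concatenation into a shell command
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def run_echo_safe(user_input: str) -> str:
    """HARDENED: the input is one argv element; no shell is involved.

    The program receives the bytes literally, metacharacters included.
    """
    result = subprocess.run(["echo", user_input], capture_output=True, text=True)
    return result.stdout


def is_valid_hostname(host: str) -> bool:
    """Allow-list check applied before a value is used as a command argument."""
    return HOSTNAME_RE.match(host) is not None


def ping_argv(host: str) -> list[str]:
    """Build the argv for a ping, rejecting anything that is not a plain hostname.

    Returned as a list so the caller can use subprocess.run(argv) without a shell.
    Raises ValueError instead of trying to 'sanitise' a bad value.
    """
    if not is_valid_hostname(host):
        raise ValueError(f"refusing to ping invalid hostname: {host!r}")
    return ["ping", "-c", "1", host]


if __name__ == "__main__":
    # Constructed attacker input: a second command after the separator.
    payload = "hello; echo INJECTED"
    print("unsafe ->", repr(run_echo_unsafe(payload)))   # two lines: INJECTED ran
    print("safe   ->", repr(run_echo_safe(payload)))     # one line, payload echoed literally
    print(ping_argv("example.com"))
    try:
        ping_argv("example.com; id")
    except ValueError as exc:
        print("rejected:", exc)
```

The check to keep in mind when reviewing code: `shell=True` (or `os.system`, `os.popen`, `Popen` with a string) together with any externally influenced substring is the bug; quoting helpers such as `shlex.quote` reduce the risk but an argv list plus an allow-list removes the shell from the picture entirely.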

pandyex commented 2 years ago

test issue CWE-118

pandyex commented 2 years ago

CWE118

pandyex commented 2 years ago

CSRF

secure-code-warrior-for-github[bot] commented 2 years ago

Micro-Learning Topic: Cross-site request forgery (Detected by phrase)

Matched on "CSRF"

What is this? (2min video)

Session-related but not session-based, this attack is based on the ability of an attacker to force an action on a user’s browser (commonly in the form of a POST request) to perform an unauthorized action on behalf of the user. This can often occur without the user even noticing it… or only noticing when it is too late. The root cause is that browsers automatically send session cookies with all requests to a given domain, regardless of where the source of the request came from, and the application server cannot differentiate between a request that came from pages it served or a request that came from an unrelated page.

Try this challenge in Secure Code Warrior

pandyex commented 2 years ago

CWE285

pandyex commented 2 years ago

CWE112

pandyex commented 2 years ago

CWE 112

pandyex commented 2 years ago

CWE_112

pandyex commented 2 years ago

stored XSS

secure-code-warrior-for-github[bot] commented 2 years ago

Micro-Learning Topic: Stored cross-site scripting (Detected by phrase)

Matched on "stored XSS"

What is this? (2min video)

Stored cross-site scripting vulnerabilities happen when unescaped input is displayed by the application after successful storage in persistence layers (e.g. database or cache). When HTML or script is included in the input that is stored in the database, and is then rendered into a page without escaping or encoding, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context.

Try this challenge in Secure Code Warrior

Micro-Learning Topic: Cross-site scripting (Detected by phrase)

Matched on "XSS"

What is this? (2min video)

Reflected cross-site scripting vulnerabilities occur when unescaped input is displayed in the resulting page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context.

Try this challenge in Secure Code Warrior
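Both bot comments above (stored and reflected XSS), as one added example that is not code from this repository. The comment list is a constructed stand-in for the persistence layer; the renderers are plain string templates. The unsafe versions interpolate input into HTML as-is, so a stored comment or a reflected search query containing markup is parsed by the browser as markup. The safe versions apply `html.escape(..., quote=True)` at output time, which also covers the attribute context in the search form (a `"` in the query would otherwise close `value="` and let the input add an event-handler attribute). Function names and the page templates are assumptions for this example.

```python
import html


def store_comment(comments: list[str], text: str) -> None:
    """Persist a comment exactly as submitted (constructed storage layer).

    Storing raw text is fine; the bug or fix lives in how it is rendered.
    """
    comments.append(text)


def render_comments_unsafe(comments: list[str]) -> str:
    """VULNERABLE (stored XSS): stored text is rendered into HTML unescaped."""
    items = "".join(f"<li>{c}</li>" for c in comments)
    return f"<ul>{items}</ul>"


def render_comments_safe(comments: list[str]) -> str:
    """HARDENED: escape at the point of output, in the HTML text context."""
    items = "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in comments)
    return f"<ul>{items}</ul>"


def search_page_unsafe(query: str) -> str:
    """VULNERABLE (reflected XSS): the query is echoed into text and an attribute."""
    return (
        f"<p>Results for {query}</p>"
        f'<form><input name="q" value="{query}"></form>'
    )


def search_page_safe(query: str) -> str:
    """HARDENED: quote=True escapes " and ' so the value cannot break out of
    the quoted attribute, and < > & so it cannot start a tag in text."""
    q = html.escape(query, quote=True)
    return (
        f"<p>Results for {q}</p>"
        f'<form><input name="q" value="{q}"></form>'
    )


if __name__ == "__main__":
    comments: list[str] = []
    # Constructed stored payload: executes for every later visitor when unescaped.
    store_comment(comments, "<script>alert(document.cookie)</script>")
    print(render_comments_unsafe(comments))
    print(render_comments_safe(comments))
    # Constructed reflected payload aimed at the attribute context.
    attr_payload = '" onfocus="alert(1)" autofocus="'
    print(search_page_unsafe(attr_payload))
    print(search_page_safe(attr_payload))
```

Escaping is context-specific: `html.escape` is correct for HTML text and quoted attributes, but data placed inside a `<script>` block, a URL or a CSS value needs that context's encoding, and a templating engine with auto-escaping on by default is the practical way to make the safe path the default.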

pandyex commented 2 years ago

CWE 112 CSRF

pandyex commented 2 years ago

CWE 112 CSRF injection

pandyex commented 2 years ago

CWE 112 CSRF

pandyex commented 2 years ago

XSS

pandyex commented 2 years ago

CWE 352