Sandbox for HoneyPot
I monitor bots activity for a while and often see such behavior:
* [SUCCESS] Robot comes...
Hello! We have 0 resources for you...
ModSecurity rules verification
ModSecurity [https://www.modsecurity.org/] is open-source WAF. It protects web
applications with libinjection and...
How to turn any website into Wordpress/Drupal honeypot
When new exploit to popular CMS's vulnerability appears, same day someone will
send it all...
Part 2. libinjection: different databases fuzzing
It is sequel of previous article [https://waf.ninja/libinjection-fuzz-to-bypass/],
where I was fuzzing MariaDB...
libinjection: fuzz to bypass
libinjection is a library that parses parameter value to SQL elements (tokens)
and check if...
Showcase: Struts2 vulnerability evolution
Apache Struts 2 [https://en.wikipedia.org/wiki/Apache_Struts_2] is used as
framework...
Showcase: DOM-based XSS
Cross-Site Scripting (XSS) vulnerabilities are divided into three types:
* Reflected: when payload is injected from...
Review: wtt OWASP CRS 3.0 bypass
A while ago I had to make comparison of different Web Application Firewalls
based on...
Review: WAFNinja
WAFNinja was presented by Khalil Bijjou at OWASP Stammtisch Frankfurt 2015 and
PHDays 2016.
This...