-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.xml
76 lines (64 loc) · 5 KB
/
index.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Nightmare</title>
<link>https://riteshpuvvada.github.io/</link>
<description>Recent content on Nightmare</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-us</language>
<copyright>This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.</copyright>
<lastBuildDate>Sun, 26 Dec 2021 20:19:15 +0530</lastBuildDate><atom:link href="https://riteshpuvvada.github.io/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Log4Shell 0-Day Vulnerability 💀 (CVE-2021-44228)</title>
<link>https://riteshpuvvada.github.io/posts/log4j/</link>
<pubDate>Sun, 26 Dec 2021 20:19:15 +0530</pubDate>
<guid>https://riteshpuvvada.github.io/posts/log4j/</guid>
<description>Log4Shell (CVE-2021-44228) is a zero-day vulnerability in Apache Log4j 2, a popular Java logging framework. It is a remote code execution (RCE) vulnerability involving arbitrary code execution earning a severity score of 10/10.
What is LDAP Server &amp; How Does it Works? The LDAP (Lightweight Directory Access Protocol) is a open, vendor-neutral, software protocol used for directory service authentication.Organizations store usernames, passwords, email addresses, printer connections, and other static information inside the directories.</description>
</item>
<item>
<title>Server-Side Template Injection</title>
<link>https://riteshpuvvada.github.io/posts/ssti/</link>
<pubDate>Wed, 30 Jun 2021 11:41:54 +0530</pubDate>
<guid>https://riteshpuvvada.github.io/posts/ssti/</guid>
<description>Server-Side Template Injection (SSTI) is an exploit in which the attacker can take advantage of an insecure template engine to inject a malicious payload into a template, which is then executed server-side.
What is a template engine? A template engine enables you to use static template files in your application. At runtime, the template engine replaces variables in a template file with actual values, and transforms the template into an HTML file sent to the client.</description>
</item>
<item>
<title>Bypassing Upload Filters</title>
<link>https://riteshpuvvada.github.io/posts/bypassing_upload_filters/</link>
<pubDate>Thu, 20 May 2021 12:05:40 +0530</pubDate>
<guid>https://riteshpuvvada.github.io/posts/bypassing_upload_filters/</guid>
<description>One of the challenging factors to a Hacker in a web application attack is the file upload. The first step in every attack is to get some code and inject it to the system to be attacked. The attack needs to find an uncomplicated and flawless path to get the code executed. Using a file upload attacker achieves his first step.
Examples Attacks on application platforms Upload .jsp file into web tree - jsp code executed as the web user Upload .</description>
</item>
<item>
<title>SQL Injection</title>
<link>https://riteshpuvvada.github.io/posts/sql_writeup/</link>
<pubDate>Wed, 19 May 2021 16:41:12 +0530</pubDate>
<guid>https://riteshpuvvada.github.io/posts/sql_writeup/</guid>
<description>What is SQL injection? SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application&rsquo;s content or behavior.</description>
</item>
<item>
<title>About</title>
<link>https://riteshpuvvada.github.io/about/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://riteshpuvvada.github.io/about/</guid>
<description>Hello, I’m Ritesh
A tech geek mainly focused on networks, which got my special attention towards it. On my way to explore all that networking is made for, My journey started with the curiosity about the wonders of cybersecurity.
And is going on currently playing CTF’s all the time. Initially, I was a noob fascinated by the various hacking techniques gained while hacking them ethically and now I can say I am on the way to hack all these skills ethically into myself !</description>
</item>
<item>
<title>Contact</title>
<link>https://riteshpuvvada.github.io/contact/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://riteshpuvvada.github.io/contact/</guid>
<description>• 💼 - You can find me on Linkedin.
• 📧 - My Mail id [email protected]
• 👨💻 - On Github.
• 🕵️♂️ - At Outlook.
• 🧑💼 - My Résumé .
• 📸 - And Instagram</description>
</item>
</channel>
</rss>