Apr 28, 2012

How to launch HTTP Splitting attack on WebGoat lesson (part 1)

Hello everyone, how are you today?

Are you okay? I hope so.

Are you happy? I hope so.

In this post, we will talk about a hacking method that gives a chance to launch an XSS attack. The method I want to describe here is called HTTP Splitting. We will learn about it and practice with WebGoat.

Here is a definition and description of it.
The essence of HTTP Response Splitting is an attacker's ability to send a single HTTP request that forces the web server to form an output stream, which is then interpreted by the target as two HTTP responses instead of one response. This type of vulnerability can be exploited to perform several web application based attacks
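
The definition above, as an added example that is not from the original post: a constructed redirect builder copies a request parameter into a header unchanged, a minimal response counter shows the same output stream being read as two responses, and the hardened builder rejects CR/LF. The `lang` parameter, the `/home` path and all function names are assumptions made for illustration.

```python
# Added example; every name and sample value here is constructed for illustration.
import re

def build_redirect_unsafe(lang: str) -> bytes:
    """Vulnerable: copies a request parameter into a response header unchanged."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: /home?lang={lang}\r\n"
        "Content-Length: 0\r\n\r\n"
    ).encode("latin-1")

def build_redirect_safe(lang: str) -> bytes:
    """Hardened: reject CR or LF before the value can reach a header."""
    if re.search(r"[\r\n]", lang):
        raise ValueError("CR/LF is not allowed in a header value")
    return build_redirect_unsafe(lang)

def count_responses(stream: bytes) -> int:
    """Count the responses a client or proxy would read from one output stream."""
    count, pos = 0, 0
    while stream.startswith(b"HTTP/1.", pos):
        end = stream.find(b"\r\n\r\n", pos)
        if end == -1:
            break
        length = 0
        for line in stream[pos:end].split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length":
                length = int(value.strip())  # first Content-Length wins
                break
        pos = end + 4 + length  # skip the blank line and the body
        count += 1
    return count

# Constructed parameter value: CR/LF ends the first response early and a second one follows.
SPLIT_VALUE = (
    "en\r\nContent-Length: 0\r\n\r\n"
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 5\r\n\r\nhello"
)

if __name__ == "__main__":
    print(count_responses(build_redirect_unsafe("en")))         # one response
    print(count_responses(build_redirect_unsafe(SPLIT_VALUE)))  # read as two
    try:
        build_redirect_safe(SPLIT_VALUE)
    except ValueError as err:
        print("rejected:", err)
```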

Apr 27, 2012

How to install WebGoat 5.2 on Fedora/CentOS?

Hello everyone. How are you today?

Are you okay? I hope so.

Are you happy? I hope so.

Today, with some free time, we will take notes on installing WebGoat on a Linux system.

What is WebGoat?

Okay, this is a brief answer:
WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application.

For a novice in the hacking world, it's a good starting point. We can learn and practice with it to understand basic skills. So, let's get started!

Apr 11, 2012

DNAME record on DNS, LDAP

Hello everyone.
How are you today?
Are you happy? - I hope so
Are you ok? - I hope so


Concept
DNAME (Distinguished Name) is a string of information that is very commonly encountered when managing and storing information on an LDAP server or a DNS server. Originally, the DN was defined and designed as a primary key in a directory structure following the X.500 standard.