Posts

Showing posts from July, 2025

Directory Traversal Attack: History, Exploitation, Detection and Prevention

What is directory traversal? Directory traversal, also known as path traversal, is a web security vulnerability that allows an attacker to reach files and directories stored outside the web root folder. By manipulating variables with "dot-dot-slash (../)" sequences and their variations, the attacker can traverse directories and access restricted files such as application source code, configuration files, or system password files. Example: Instead of accessing: https://example.com/view?file=about.html an attacker might try: https://example.com/view?file=../../../etc/passwd This could result in access to /etc/passwd on Unix-based systems if the application doesn't sanitize input correctly. History of directory traversal The origin of directory traversal weaknesses goes back to the early days of web development, when developers relied heavily on dynamic file path generation based on user input. The early CGI scripts and PHP applications were particula...

Server-side request forgery (SSRF): Silent Gateway for Internal Systems

Server-side request forgery (SSRF) is an important vulnerability that allows attackers to trick a server into making unauthorized requests on their behalf. These requests often target internal systems that are not publicly accessible, causing internal data exposure, metadata leaks and, in extreme cases, severe consequences such as remote code execution. In this comprehensive blog post, we'll delve into: the history and evolution of SSRF attacks, how SSRF works, real-world examples, detection methods, exploitation techniques, and prevention strategies. 📜 A brief history of SSRF While SSRF weaknesses have existed since the early days of web services, their importance increased with the development of cloud computing and microservices architecture. Key Events: 2011: SSRF became widely discussed in web security circles after the rise of cloud-hosted services like AWS and GCP. 2014: The Snapchat SSRF bug became popular in bug bounty communities. 2019: Capital One data breach — one of the bigge...

Man-in-the-Middle (MitM) attack: How hackers intercept and manipulate your data

In the ever-evolving world of cyber security, Man-in-the-Middle (MitM) attacks stand as one of the most deceptive and dangerous threats. These attacks occur when an unauthorized third party intercepts communication between two trusted parties - usually a client and a server - with the intention of stealing, modifying or monitoring sensitive data. In this comprehensive blog post, we will explore the history of MitM attacks, how they work, how attackers exploit them, how to detect such intrusions, and most importantly how to stop them. 📜 Man-in-the-Middle Attack History The concept of intercepting communication goes back to wartime espionage. During World War II, intelligence agencies would tap telephone or radio communications to collect information. Fast forward to the digital age, and the same concept applies - only the medium has changed. Timeline of Major MitM Incidents: 1999: The term Man-in-the-Middle gained attention as early SSL (Secure Sockets Layer) flaws were ex...

Insecure Deserialization: How a Simple Data Conversion Can Let Hackers Take Over Your App

Every modern web application depends on serialization - converting objects into a stream of bytes for storage or transmission - and deserialization - the reverse process of converting that data back into usable objects. But when deserialization is unsafe, it can open the door to remote code execution (RCE), data tampering, privilege escalation, or even complete system compromise. In this post, we will break down what insecure deserialization really is, its origin, how hackers exploit it, how you can detect it, and most importantly - how to stop it. Whether you are a software developer, penetration tester, or cyber security student, this is a top 10 vulnerability that you should address. 🕰 History of unsafe deserialization attacks 🏗 Serialization basics: Serialization allows data structures (objects) to be written to files, transmitted over a network, or stored in memory as a byte stream. Deserialization reverses it - converting the byte stream back into a usable object. 📆 tim...

Denial of Service (DoS) and DDoS attacks explained: How hackers take websites down and how you can stop them

Imagine that your website goes offline - not due to a bug or accident, but because someone deliberately flooded your server with requests. That's the essence of a Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack. In this comprehensive blog post, we cover DoS and DDoS attacks, the history behind them, how they are detected and exploited, and most importantly how to stop them. Whether you are a cyber security student, developer, or business owner, it is necessary to understand this attack vector. 🔙 History of DoS and DDoS attacks 📌 Early 1990s: The earliest recognized DoS attacks were relatively simple. Attackers would use a single computer to crash or slow down a target system with a flood of requests or malformed packets. 📌 2000 - Mafiaboy's notorious DDoS: A 15-year-old hacker, known as Mafiaboy, launched a DDoS attack on major sites such as CNN, Amazon and eBay, causing widespread disruption. The incident exposed the power of botnets (a network of infec...

Sensitive Data Exposure: How Plaintext Secrets Are Still Getting Stolen in 2025

In the era of data privacy regulations such as GDPR and CCPA, you would think that storing passwords in plaintext or transmitting unencrypted personal data would be a thing of the past. But sensitive data exposure is still one of the top web app weaknesses, as noted by OWASP. This blog examines the history, real-world examples, detection methods, exploitation strategies and practical prevention techniques of sensitive data exposure. 🕰 A brief history of sensitive data exposure Early 2000s: many websites stored user credentials in plain text or used outdated hashing methods such as MD5. 2011 - Sony PlayStation Hack: More than 77 million accounts were compromised due to insufficient encryption of personally identifiable information (PII). 2017 - Equifax Breach: Sensitive data, including SSNs, dates of birth and driver's license numbers, was exposed due to an unpatched Apache Struts vulnerability. 2020s and beyond: Despite progress, misconfigured S3 buckets, exposed environment fil...