Secjuice
theMiddle

OWASP Core Rule Set Developer, Co-Founder at Rev3rse Security, I ❤️ to break application firewalls.

Italy • 16 posts
INFOSEC

Make WordPress Pingback Great Again

DoS amplification and CDN/load balancer/WAF bypass. This article aims to show you a number of ways you can collect WordPress pingbacks.

  • theMiddle
8 min read
TECHNICAL

BugPoC XSS Challenge Writeup

Bypassing Content-Security-Policy and escaping an iframe sandbox.

  • theMiddle
7 min read
INFOSEC

Advanced boolean-based SQLi filter bypass techniques

Learn how to bypass filters and Application Firewall rules using MySQL String Functions, Regex Functions, Conditional Select and Set Variables to exploit a blind (boolean-based) SQL Injection vulnerability.

  • theMiddle
4 min read
TECHNICAL

XSS: Arithmetic Operators & Optional Chaining To Bypass Filters & Sanitization

How to use JavaScript Arithmetic Operators and Optional Chaining to bypass input validation, sanitization and HTML Entity Encoding.

  • theMiddle
7 min read
TECHNICAL

How To Bypass CSP By Hiding JavaScript In A PNG Image

Hide a malicious JavaScript library in a PNG image and tweet it, then include it in a vulnerable website by exploiting an XSS, bypassing its Content-Security-Policy (CSP).

  • theMiddle
18 min read
TECHNICAL

ModSecurity Denial of Service Details and PoC CVE-2019-19886

Security researcher Andrea Menin tells us the story of vulnerabilities he found in libModSecurity.

  • theMiddle
4 min read

JavaScript Malware Targeting WordPress

Infosec researcher Andrea Menin returns with a technical breakdown of JavaScript malware targeting WordPress installs.

  • theMiddle
5 min read
TECHNICAL

Abusing PHP query string parser to bypass IDS, IPS, and WAF

Learn how IDS, IPS, and WAFs are vulnerable because of the design limitations of the PHP query string parser.

  • theMiddle
7 min read
TECHNICAL

Bypass XSS filters using JavaScript global variables

In this article, theMiddle discusses the many possibilities to exploit a reflected (or even stored) XSS when there are filters or WAFs protecting the website.

  • theMiddle
7 min read
TECHNICAL

DNS over HTTPS (+ModSecurity WAF)

One of the problems with DNS is that a query is sent over an unencrypted connection, so anyone listening to the packets knows the websites you visit.

  • theMiddle
8 min read
TECHNICAL

Uncover Infected Website Visitors Using Content Security Policies

Security researcher Andrea Menin used a content security policy to discover that thousands of his website visitors were infected.

  • theMiddle
7 min read
TECHNICAL

How To Exploit PHP Remotely To Bypass Filters & WAF Rules

Learn about the possibilities that PHP gives us to exploit and execute code remotely in order to bypass filters, input sanitization, and WAF rules.

  • theMiddle
7 min read
CTF

Apache Struts2 CVE-2018-11776 POC

Learn about the Struts2 Remote Code Execution vulnerability CVE-2018-11776, how to exploit it, and how to create a Proof of Concept (POC) with Docker.

  • theMiddle
4 min read
TECHNICAL

Web Application Firewall (WAF) Evasion Techniques #3

Using an uninitialized Bash variable to bypass WAF regular-expression-based filters and pattern matching. Let's show it can be done on Cloudflare WAF and ModSecurity OWASP CRS3.

  • theMiddle
6 min read
TECHNICAL

DNSBL: Not just for spam

Security practitioner Menin_TheMiddle is using DNS to stop botnets, spammers and anonymous traffic with Nginx, Lua and DNSBL. Find out how.

  • theMiddle
13 min read
CYBERSEC

AppArmor: Say Goodbye to Remote Command Execution.

How to kill RCE and RFI directly on the php-fpm process. Let's do a test exploiting Drupalgeddon2.

  • theMiddle
5 min read
Secjuice © 2021