O’Reilly’s video training website is http://www.infiniteskills.com/. One day, while I was browsing, I found out that their online player could be spoofed with our own content. For example, I was able to watch my favorite music videos😉
After reporting it, I was allowed to choose any 2 courses for free. Thanks for the reward🙂
I was able to bypass their XSS filter. After responsibly disclosing the vulnerability, I got acknowledged.
As usual, responsible disclosure🙂
On Windows you can execute shellcode using the VirtualAlloc and VirtualProtect APIs. There are a few more APIs that achieve the same result, each involving a different technique.
This is how MSDN explains this:
Changes the protection on a region of committed pages in the virtual address space of the calling process.
BOOL WINAPI VirtualProtect(
  _In_  LPVOID lpAddress,
  _In_  SIZE_T dwSize,
  _In_  DWORD  flNewProtect,
  _Out_ PDWORD lpflOldProtect
);
With this API we can mark the memory region holding our shellcode as executable and then invoke it. Passing PAGE_EXECUTE_READWRITE as the memory protection constant for the flNewProtect parameter makes the page RWX (readable, writable and executable); the previous protection is written to the DWORD pointed to by lpflOldProtect, and the returned BOOL tells you whether the change succeeded.
Here’s an example in C which I have implemented.
IE and Edge both use a built-in XSS filter which is not as powerful as the XSSAuditor (WebKit/Blink).
This is how the XSS filter is implemented.
I made some interesting SQLi challenges based on some real-world experiences🙂 Give them a shot to test your SQLi skills😉
Thank you very much for more than 100 likes!