Entries by Triin Mahlakõiv

Docker Basics

Docker is a software platform for building applications in small and lightweight execution environments called containers, which are isolated from other processes, operating system resources, and the kernel. Containers are assigned resources that no other process can access, and they cannot access any resources not explicitly assigned to them. The concept of containerization has been around […]

SQL Injection Isn’t Going Anywhere

SQL injection might sound like a thing of the past, but in actuality it is still one of the most widely used methods of attack by hackers around the world. As stated in the Akamai Media Under Assault report, a staggering 69.7% of all web application attacks between January 2018 and June 2019 were SQL injections. […]

Blind SQL Injection

Blind SQL injection is similar to normal SQL injection, except that the HTTP responses will not contain the results of the relevant SQL query and a generic error page is shown instead. Only one bit of information (true/false) can be extracted per request – but that is all it takes. We are going to take […]

Meteor Blind NoSQL Injection

I recently came across a Meteor application, which had a publicly callable method ‘users.count’ that would return the count of users registered in the app. While this may not be significant from a threat assessment perspective, I decided to give it another look and dig a bit deeper. By calling the users.count method with the argument {}, the backend would return 1923, the […]

Blind Command Injection

Executing a Command Injection attack simply means running a system command on someone’s server through a web application or some other exploitable application running on that server. Executing a Blind Command Injection attack means that you are unable to see the output of the command you’ve run on the server. This is one of the […]