In this post I will write up my own simple penetration test, trying to exploit Phrogress through a simple, common SQL injection vulnerability. To simplify and automate the testing process, we are going to use tools
We are going to test the Project Details page. To access the page, we need to be authenticated first, so we need to give the cookie header to sqlmap.
adam@redframe:~$ sqlmap -u "http://0.0.0.0:3000/projects/3*" --headers="cookie: _phrogress_session=ZGpOTUQ5aEFic243ZGxsR1Q2QmsrNzYzbWJlWXZJQjN0ZnBuN0NtYWVaNVV1bzAwS2c1bENQbTlVRHNhdnNEQndqYUg5UkZmdWhqcEJyNWU1clhKem56cHVNeU1XbzdEZVZZc3pCNFE0L2txem8rd2dNdnRNWi8vcmtUMVF5N01JWklnQnBEYjlxVDZYWlRSc2QzbDZLOGhObVFtTHZvZWJGcWx5OGs0bU5HV08xalFyWVBHbzlxeWtLVS9Fc2Fad3A2Y0ViM3VVQ0l0V2NBUEZvV1RqNDVwcmx6dWJ0Q3lmQ1VaS3c0SUlVWm5xZEtFdTU4UUFwNUFPK2gxb3FpTDUxSXNUMjhaSkwvbzZEd0Y2SWRHZXV0d2k4eno2VUM1aXNzTlZueTl3TGF5WWdYZTAyUzk5dHl0aDdnNHd6eElZZXhDcTdlS2ZSa0VRdXNqSGUyUzRhK3BWcmtWaStZcHNkb2UxcGxXYi9qRTl3Q1pBeUtCWVZhTFBmVnU0RGxEMkdvTmtuckNrQUNHUHNUMDlHb0JjTU5qeXorYmZyME1YTnc2dWk0RHRFZVlrUzA3dUhjVkhKQUtETE5ZbFNyci0tR0FYcndKMGVOWlhBaEg1MjhsU3o2Zz09--4341b6586c94c6d60e93abd70df968f889316650"
Continue reading “Simple SQL Injection testing”
In our project, we use React to handle the frontend. Our project is a web-based application in which interactivity is required, and dynamically transformed views are common in the project.
In this post, I will explain why we choose to use React.
Continue reading “Why use React”
In this post, I will guide you through creating a React Component step by step.
Step 1: Create the Component
After the sprint review, we decided that we needed to meet up with our partner, Peentar, to validate our idea and show them our progress.
Continue reading “Meeting the Partner, Peentar”
Deploying to Heroku is straightforward. Making your continuous integration work is okay. Using your continuous integration to deploy to Heroku is… manageable.
In this post, I will describe how I make our supreme application auto-deploy to Heroku whenever we commit something to a branch (develop or master).
Continue reading “Heroku, deploy!”
In my previous post, I discussed some theory of code coverage and stuff. In this post, I will talk about how to produce a code coverage percentage with RSpec and Jest, and how to merge the results by utilizing the Codecov script.
Continue reading “Code coverage implemented: RSpec and Jest unite in Codecov!”