Category - API Security Blog

API Securing in 2021??Top 10 Best Practices

### API Securing in 2021? Top 10 Best Practices I love drawing inspiration from real life and todays article is no different. I often get asked the question on how to hack an API but what some peop ...

May 30, 2022

CVE-2021-21702

A NULL pointer dereference issue is in the SOAP extension of PHP. More specifically, the flaw occurs in the SoapClient when parsing a WSDL document due to improper checking of a child node name. A mal ...

May 30, 2022

BigBountyRecon – This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation

[![](https://1.bp.blogspot.com/-1de0aBPNIWk/YAUWk6HkngI/AAAAAAAAVBA/s_ZSe7IlI7IkK-BtzxPMSmMHzAoV1_H6QCNcBGAsYHQ/w640-h396/BigBountyRecon_1.png)]() BigBountyRecon tool utilises 58 different techniques ...

May 30, 2022

Exploit for Missing Authentication for Critical Function in Sap Netweaver Application Server Java

[CVE-2020-6287] SAP NetWeaver AS JAVA (LM Configuration Wizar...Read More ...

May 30, 2022

SAP Unauthenticated WebService User Creation

This module leverages an unauthenticated web service to submit a job which will create a user with a specified role. The job involves running a wizard. After the necessary action is taken, the job is ...

May 30, 2022

U.S. Dept Of Defense: SharePoint Web Services Exposed to Anonymous Access

Summary: Any unauthenticated/anonymous users are able to access the SharePoint Web Services (.wsdl files) for the ?????????? website. Description: The SharePoint installation for this particular site ...

May 30, 2022

Kentico CMS 12.0.14 Remote Command Execution Exploit

This Metasploit module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote command execution is possible via unauthenticated XML requests to the Staging Service S ...

May 30, 2022

Kentico CMS 12.0.14 Remote Command Execution

Post ContentRead More ...

May 30, 2022