OSWE Notes
6 notes
Notes
- Chapter 1 Source Code Recovery and Analysis: Focus on **Java** and **.NET** due to their role in enterprise web applications. Tools for decompilation: **.NET**: `dnSpy` used for decompiling and deb
- Chapter 2 XSS to RCE: **HTTP Request for Global Settings Change**. **Explanation:** The attack sequence initiates by exploiting a global settings manipulation vulnerability us
- Chapter 4 ATutor LMS Type Juggling Vulnerability: **Overview.** In Chapter 4, the focus is on exploring a type juggling vulnerability within ATutor Learning Management System (LMS). This type of vulnerability ar
- Chapter 5 ManageEngine Applications Manager AMUserResourcesSyncServlet SQL Injection RCE: **Overview.** This chapter delves into a SQL Injection vulnerability present in the AMUserResourcesSyncServlet of the ManageEngine Applications Manager. This vul
- Chapter 6 Bassmaster NodeJS Arbitrary JavaScript Injection Vulnerability: **Overview.** Chapter 6 focuses on an arbitrary JavaScript injection vulnerability found in the Bassmaster plugin of a NodeJS application. This vulnerability all
- Chapter 7 DotNetNuke Cookie Deserialization RCE: **Overview.** This chapter explores the Remote Code Execution (RCE) vulnerability due to deserialization issues in DotNetNuke (DNN), a popular .NET-based content