HolyGhost

#web-security

10 posts

Analysis

From a URL Field to Cloud Keys: SSRF and the Metadata Endpoint

Server-side request forgery turns a harmless-looking URL input into a way to read a cloud instance's own credentials. Here is how the metadata endpoint becomes the prize, and why IMDSv2 changed the game.

12 min read · #ssrf #cloud #aws

Analysis · CVE-2021-44228

Log4Shell: How a Logging Library Became the Internet's Worst Day

A single string written into a log file could run attacker code on millions of servers. Here is how Log4Shell (CVE-2021-44228) worked, why it spread so far, and what it taught the industry about dependencies.

9 min read · #log4shell #java #rce
Analysis

Directory Traversal: Escaping the Folder You Were Meant to Stay In

By adding ../ to a file path, an attacker can climb out of the intended directory and read files the application never meant to expose. Here is how path traversal works and how to block it.

9 min read · #directory-traversal #web-security #path-traversal
Analysis

SQL Injection: When Your Input Becomes the Database's Command

SQL injection turns a login box or search field into a way to read, change, or destroy a database. Here is how it works, the flavours it takes, and the one fix that actually stops it.

10 min read · #sql-injection #web-security #databases
Analysis

Insecure Deserialization: Trusting a Blob of Bytes Too Much

Turning saved data back into live objects sounds harmless. When the data comes from an attacker, it can lead to remote code execution. Here is how insecure deserialization works and how to avoid it.

8 min read · #deserialization #web-security #rce
Analysis

XXE: When an XML Parser Reads Files It Should Not

XML has a feature that lets a document pull in outside content. Point it at a local file or an internal server and a helpful parser becomes a data leak. Here is how XML External Entity attacks work.

9 min read · #xxe #web-security #xml