Redcentric offers comprehensive penetration testing services including infrastructure, application, mobile, and social engineering assessments to identify and remediate security vulnerabilities before exploitation. Their approach combines manual testing techniques with business logic analysis to provide actionable security insights and regulatory compliance support.
A SQL injection vulnerability was discovered in the login endpoint of bootcamp.nutanix.com where unsanitized user input in the email and password JSON parameters allowed extraction of database version information via error-based SQLi techniques. The vulnerability was exploited using simple quote injection and extractvalue() functions to trigger MySQL errors revealing system details.
A case study demonstrating Oracle SQL injection exploitation techniques using string concatenation operators and the rownum function to bypass filtering of CASE statements and special characters. The attacker enumerated column names and extracted data through blind SQL injection despite character restrictions on underscores, parentheses, whitespace, and other special characters.
Step-by-step exploitation of multiple SQL injection vulnerabilities in Oculus' website, demonstrating blind SQL injection techniques with whitespace and comma filtering bypass to extract admin session credentials. The attacker chained five SQL injections together, using creative MySQL syntax (comment blocks, OFFSET instead of comma-based LIMIT) to gain administrator access without prepared statements.
A writeup on bypassing a Web Application Firewall (WAF) to exploit a blind SQL injection vulnerability discovered during security research. The article documents the techniques used to evade WAF detection while exploiting the underlying database vulnerability.
A university implemented Pentest Wednesday® to measure the real-world impact of security improvements beyond traditional metrics, moving from phishing simulations to validating domain compromise risk and quantifying blast radius reduction.
A penetration test that discovered an XSS vulnerability in a custom-built AI chatbot, exploitable for zero-click account takeover.