Questions tagged [escape]

The act of escaping from a virtual machine, container or sandbox.

10 questions
42 votes, 2 answers

Is it possible to escalate privileges and escaping from a Docker container?

I'm learning a lot about docker. I'm practicing creating docker clusters using docker-swarm, registry, shipyard, etc. I saw how easy it is to get root in a docker host machine once you entered to the host with a limited user which has docker…
OscarAkaElvis
3 votes, 4 answers

Why did "terminal commands" never get a version of SQL "parameterized queries"?

I was taught horrible bad practice when I initially "learned" SQL, which baked in user-submitted input with quotes and attempted to "escape" this (in the beginning, I didn't even escape it at all...). I then had to spend many years unlearning this,…
M. Vencel
2 votes, 1 answer

Container escape - CVE-2022-0492 - hybrid cgroups?

I saw the recent CVE-2022-0492 that can enable container escape, and I have a decent understanding of cgroups and container capabilities, but not very familiar with how hybrid cgroup v1/v2 works, nor how cgroups and capabilities work together.…
4oo4
2 votes, 2 answers

What's the safest virtualization tool for running unsafe software - VirtualBox vs Windows Sandbox vs Hyper-V

I'd want to ask, what's the safest environment to run potentially unsafe software? I'm aware that this question may be very tricky, because each of those may have its flaws, but generally speaking which of those 3 sounds like safest option? Hyper V…
Joelty
2 votes, 1 answer

Unescaped data in div or p tags, but unable to exploit

A web application takes user input and displays the data, without any escaping or encoding, in div or p tags. So if I provide as input, the source would look roughly like this:
SaAtomic
1 vote, 1 answer

SQL Injection after Like Operator with continuing query

Is it possible to add a new query like update in between this?: SELECT characters.id as charId FROM characters WHERE characters.name LIKE '%%' ORDER BY `level` DESC, exp DESC LIMIT 10 OFFSET 0 I found out that union is a…
user201856
1 vote, 1 answer

Single quotes ' not sanitized

I'm trying to find security issues on my friend's site. There is an input box for subscription. I can enter my email address: Henry@gmail.com After trying different things, I noticed > < " get rejected. But…
user183535
0 votes, 0 answers

Ignore blacklist characters and keywords in SSTI exploit payload

I'm exploiting an SSTI (server-side template insertion) vulnerability in a website written in flask-python. My problem is that payload for RCE is being limited by blacklist. I tried everything with a document that I found to be hyper-detailed but it…
0 votes, 0 answers

How do I set up a VM for a warzone to prevent Virtual Machine Escapes?

I am looking to join the warzone hosted by overthewire.org using an Ubuntu VM hosted in VirtualBox on Windows 10. I posted here a few days ago asking whether or not others on the warzone could use my VM to compromise my host machine and/or my home…
AwesomeCronk
0 votes, 3 answers

After running a string through mysqli_real_escape_string, is it safe to remove the backslash before echoing it into a page?

I'm using a rich text editor (Nicedit) with a cms project I'm making. In order to reduce the likelihood of SQL injections, I'm using the mysqli_real_escape_string function to escape the user input before putting it into the database. However, I…
Panpaper