Skip to main content

Posts

Showing posts from December, 2013

SQL Injection Test 1

Search Google about Dork List 2013 SQL Injection Here are some from the list is :       http://tutsql.blogspot.com/2013/06/dork-list.html       http://securitypedia.blogspot.com/p/dork-list-2013_7588.html     -- choose one way of them to google it like : inurl:newsdetail.php?id=
Post a Comment
Read more

SQL Injection & Data Store Manipulation

Web sites store ever-increasing amounts of information about their users, users’ habits, connections, photos, inances, and more. These massive datastores present appealing targets for attackers who wish to cause damage or make money by maliciously accessing the information. While credit cards often spring to to mind at the mention of SQL injection any information has value to the right buyer. In an age of organized hacking, attackers will gravitate to the information with the greatest value via the path of least resistance. Here we examine an attack directed solely against the web site and its database: SQL injection. A single SQL injection attack can extract the records for every user of the web site, regardless of whether that user is logged in, currently using the site, or has a secure browser.
Post a Comment
Read more

HTML injection and cross-site scripting (XSS)

HTML injection and cross-site scripting (XSS) is an ideal vulnerable to exploitfor attackers across the spectrum of sophistication and programming knowledge. Exploits are easy to write, requiring no more tools than a text editor—or sometimes just the browser’s navigation bar—and a cursory knowledge of JavaScript, unlike buffer overlow exploits that call for more esoteric assembly, compilers, and debugging. XSS also offers the path of least resistance for a payload that can affect Windows, OSX, Linux, Internet Explorer, Safari, and Opera alike. The web browser is a universal platform for displaying HTML and interacting with complex web sites. When that HTML is subtly manipulated by a few malicious characters, the browser becomes a universal platform for exposure. With so much personal data stored in web applications and accessible through URLs, there’s no need for attackers to make the extra effort to obtain “root” or “administrator” access on a victim’s system. The reason for targ...
Post a Comment
Read more