security is a process and not a product. ...
LFI: beyond /proc/self/environ
Let’s suppose that we have a simple PHP application. The web app has a login form and a small news system based on txt files.
So a user can simply log into the system
And access the company’s internal board:
After looping through all the pages, one can guess that the web app is loading the content for each section from a plain text file.
Reviewing the code clarifies the question.
So at this point, an evil user could perform some local file inclusion and read files in the remote system.
We all know how to exploit that via the “/proc/self/environ”...
SQL INJECTION INTRODUCTION
SQL injection is the most common vulnerability on the internet.
It is mainly a flaw in the web application and not a database or web server issue.
Most programmers are still not aware of this threat.
What is SQL Injection?
SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by the back-end database.
In other words, SQL injection is a basic technique/attack used to either...
How to Create a Bootable Windows 7
# Run Command Prompt as an administrator. To open a command prompt, go to the Start menu and search for CMD. Right-click on it and select Run as Administrator to use it with admin rights.
# Using the Diskpart utility, find the drive number of your flash drive. To do so, type the following command in the command prompt: DISKPART
Running DISKPART will display the version of DISKPART you are running and the name of your PC.
Type “list disk” to see a display of all your connected disk drives. Make a note...
Column Truncation SQL Injection Vulnerability
Introduction
Some time back I was in the NotSoSecure CTF competition. The challenge was to use SQL injection (any kind) to obtain 2 flags; to capture one flag, users were required to register as an admin. The application was vulnerable to a column truncation SQL injection vulnerability. Column truncation SQL injection is a very interesting vulnerability; it's actually a buffer overflow vulnerability. Oh yeah, you heard me. You might think I have gone insane, because usually buffer overflow is related to system exploitation. Part of it is true, but this vulnerability is on web applications,...
Configure your Gmail in Outlook
Log in to your Gmail and go to Settings.
Under 'Forwarding and POP/IMAP', enable both POP3 and IMAP.
Now open your Outlook.
Add new account and put all the required information.
Put your incoming mail server as pop.gmail.com
Put your outgoing mail server as smtp.gmail.com
Click on 'More Settings', as you need to enable a few things.
On the 'Outgoing Server' tab, tick "My outgoing server" and "use the same settings as my incoming mail server".
Then go to the 'Advanced' tab. Put the incoming server port as 995 and outgoing server as 465 with...
Unauthorized Access to Facebook Global Business Solutions Email Preferences

Hello guys,
Today I will share my experience with the Facebook company with you; it’s about opening the “Facebook Global Business Solutions Email Preferences” for any user using Facebook on-line services.
But first I have to activate this setting by signing up for any Facebook newsletter with my email address “diaa.diab.2012@gmail.com”; for example, I will use the form on “atlassolutions.com”.
Now I am on the ‘Facebook Global Business Solutions Email Preferences’ for receiving any newsletter about the following:
Weekly...

- Ali BawazeEer
- A Yemeni student specializing in information technology, enthusiastic about learning everything related to information security and the investigation of information security crimes, who loves everyone and fights racism in all its forms. An enthusiastic student from Yemen, lover not fighter, specializing in BScIT, interested in everything related to information security, especially in terms of computer forensics.
The measure of a man's life is not how well he dies, but how well he lives.