security is a process and not a product. ...
LFI: beyond /proc/self/environ
Let’s suppose that we have a simple PHP application. The web app has a login form and a small news system based on txt files.
So a user can simply log into the system
And access the company’s internal board:
After looping through all the pages, one can guess that the web app is loading the content for each section from a plain text file.
Reviewing the code clarifies the question.
So at this point, an evil user could perform some local file inclusion and read files in the remote system.
We all know how to exploit that via the “/proc/self/environ”...
SQL INJECTION INTRODUCTION
SQL Injection is the most common vulnerability on the internet.
It is mainly a flaw in the web application and not a database or web server issue.
Most programmers are still not aware of this threat.
What is SQL Injection?
SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a back-end database.
In other words, SQL injection is a basic technique/attack used to either...

- Ali BawazeEer
- A Yemeni student specializing in information technology, enthusiastic about learning everything related to information security and the investigation of information security crimes; loves everyone and fights racism in all its forms. An enthusiastic student from Yemen, lover not fighter, specializing in BScIT, interested in everything related to information security, especially in terms of computer forensics.
The measure of a man's life is not how well he dies, but how well he lives.