- Mar 21 Fri 2008 00:19
SQL Injection in ASP.NET (SQL injections are always the same; read it on your own)
The database is the heart of most Web applications: it stores the data needed for the Websites and applications to "survive". It stores user credentials and sensitive financial information. It stores preferences, invoices, payments, inventory data, etc. It is through the combination of a database and Web scripting language that we as developers can produce sites that keep clients happy, pay the bills, and -- most importantly -- run our businesses.
But what happens when you realize that your critical data may not be safe? What happens when you realize that a new security bug has just been found? Most likely you either patch it or upgrade your database server to a later, bug-free version. Security flaws and patches are found all the time in both databases and programming languages, but I bet 9 out of 10 of you have never heard of SQL injection attacks...
- Sep 22 Sat 2007 20:17
SQL Injection Paper By BS
- Sep 22 Sat 2007 20:11
Files About PHP Security
http://www.divshare.com/download/2065779-9ca
- Sep 22 Sat 2007 19:53
Learning PHP in Ten Days
I previously wrote "Learn ASP in Ten Days" and "Learn ASP.NET in Ten Days"; now I am thinking of writing one for PHP as well, to round out the set. I will not cover PHP debugging methods here; many articles out there already do, and there are many different setups. For now I am using the Apache web server and MySQL as the web server and database, with the programs written under php-4.3.3. Of course, phpMyAdmin is indispensable for simply building the database and browsing its contents. As for form design and the like, I will not say much here either; it was already covered in "Learn ASP in Ten Days". Below is a brief introduction to PHP syntax. 1. Embedding method: similar to ASP, PHP also supports `<?=variable?>`.
Logical operations:
- Sep 22 Sat 2007 19:46
MySQL Injection Basic
- Sep 22 Sat 2007 19:44
Blind Mysql Injection
- Sep 22 Sat 2007 19:42
Advanced MYSQL Injection
Preface
My "SQL Injection with MySQL" (the July feature in 《駭客防線》) already gave a fairly comprehensive introduction to MySQL injection, but there is one extremely dangerous function that I did not mention in that article, because if this function is applied flexibly, the security of PHP and even of the server itself is greatly diminished. Since "SQL Injection with MySQL" was published during the summer vacation, and considering that many newcomers, students and people of bad character would misuse it, I did not include it in that article; in fact this article was finished in early May. After the feature was published, many people have gradually moved on to researching PHP+MySQL injection, many new techniques will be dug up one after another, and the unpublished advanced techniques we have in this area will also be published in due course. As for the more basic material, this article will not repeat it.
- Sep 22 Sat 2007 19:39
What is SQL Injection
What is SQL Injection?
If you are designing a Web site, or already have an existing Web site, you may be worried about potential "attacks" from rogue users. Too often, Web site developers focus solely on the security issues of the chosen operating system and Web server the site will run on. While IIS security holes can allow for malicious attackers, IIS security is not the only item that should be on your security checklist. The code that is commonly written for data-driven Web sites is often as serious a hole as any IIS hole. Such a programming code hole that can be exploited has been dubbed the SQL injection attack.
- Sep 22 Sat 2007 19:38
Standard SQL Queries
- Sep 22 Sat 2007 19:34
Great web application vulnerabilities
- Sep 22 Sat 2007 19:34
The Importance of Web Application Scanning
Organizations need a Web application scanning solution that can scan for security loopholes in Web-based applications to prevent would-be hackers from gaining unauthorized access to corporate applications and data. Web applications are proving to be the weakest link in overall corporate security, even though companies have left no stone unturned in installing the better-known network security and anti-virus solutions. Quick to take advantage of this vulnerability, hackers have now begun to use Web applications as a platform for gaining access to corporate data.
- Sep 22 Sat 2007 19:33
PHP Security Blunders
PHP is a terrific language for the rapid development of dynamic Websites. It also has many features that are friendly to beginning programmers, such as the fact that it doesn't require variable declarations. However, many of these features can lead a programmer inadvertently to allow security holes to creep into a Web application. The popular security mailing lists teem with notes of flaws identified in PHP applications, but PHP can be as secure as any other language once you understand the basic types of flaws PHP applications tend to exhibit.
In this article, I'll detail many of the common PHP programming mistakes that can result in security holes. By showing you what not to do, and how each particular flaw can be exploited, I hope that you'll understand not just how to avoid these particular mistakes, but also why they result in security vulnerabilities. Understanding each possible flaw will help you avoid making the same mistakes in your PHP applications.
- Sep 22 Sat 2007 19:31
Additional Image Bypass on Windows
Michael Schramm posted about another way to do image filter bypassing using alternate file streams on NTFS file systems. Pretty cool stuff (thinking outside the box of what a file really means on different systems). Here’s his English translation:
It’s all about the alternate file streams (ADS) in the NTFS file system (it’s a “feature”); you probably have heard of them. With ADS, it’s possible to insert additional data streams into a file besides its basic contents. For example you could insert ads.txt into the file foobar.txt with “type ads.txt>foobar.txt:somedescriptor”. A user won’t recognize that there is additional data in this file (even if the ADS contains several gigabytes); the file foobar.txt will still appear with its original size and contents in the file system. But anyway, this is not really essential for understanding what I’ve found out; I think you can inform yourself about ADS if you want.
- Sep 22 Sat 2007 19:30
Overview of Blind Injection
- Sep 22 Sat 2007 19:22
PHP Approaches to Web Application security