Current category: injection (16)

SQL Injection Paper

By zeroday.

Posted by Azr431 on PIXNET. Comments (0).

http://www.divshare.com/download/2065779-9ca



#-------------------
#The images in the article have not been uploaded; if you want to see them, contact me directly
#---------------------------


"Validate anything that can be passed. Security lies in the inputs." - zk



Preface

  My "SQL Injection with MySQL" (the July feature in 《駭客防線》) already gave a fairly comprehensive introduction to MySQL injection, but there is one extremely dangerous function that I did not mention in that article, because if this function is used flexibly, the security of PHP and even of the server itself is greatly reduced. Since "SQL Injection with MySQL" was published during the summer holidays, and considering that many newcomers, students and people of poor character would misuse it, I left this out of that article; in fact this article was finished in early May. After the feature was published, many people gradually moved on to researching PHP+MySQL injection, many new techniques will be dug up one after another, and the unpublished advanced techniques we have in this area will also be released in due course. As for the more basic material, this article will not repeat it.


What is SQL Injection?
If you are designing a Web site, or already have an existing Web site, you may be worried about potential "attacks" from rogue users. Too often, Web site developers focus solely on the security issues of the chosen operating system and Web server the site will run on. While IIS security holes can allow for malicious attackers, IIS security is not the only item that should be on your security checklist. The code that is commonly written for data-driven Web sites is often as serious a hole as any IIS hole. Such a programming code hole that can be exploited has been dubbed the SQL injection attack.


1. Determine whether an injection point exists
; and 1=1 and 1=2
Append "and 1=1" and then "and 1=2" to the parameter. If the page behaves differently for the two (the row appears in one case and not the other), the parameter is being concatenated into the SQL statement and an injection point exists; if both responses are identical, the value is most likely being treated as data.
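The check in step 1, run against an in-memory SQLite table, as an added example that is not part of the original post: the vulnerable lookup concatenates the parameter into the query, so `1 and 1=1` returns the row and `1 and 1=2` does not, while the parameterised lookup returns the same (empty) result for both probes because the whole string is bound as a value. The table, column names and sample rows are constructed for illustration.

```python
"""Added example: boolean 'and 1=1' / 'and 1=2' injection-point check.

Not from the original post. The `news` table, its rows and the lookup
functions are constructed for illustration only.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Creates an in-memory table with two sample rows (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO news VALUES (?, ?)",
        [(1, "first post"), (2, "second post")],
    )
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, news_id: str) -> list:
    """Builds the query by string concatenation: the textbook injection point.
    Whatever follows the number is parsed as SQL."""
    sql = "SELECT title FROM news WHERE id=" + news_id
    return conn.execute(sql).fetchall()


def safe_lookup(conn: sqlite3.Connection, news_id: str) -> list:
    """Parameterised version: the value is bound, never parsed as SQL."""
    return conn.execute(
        "SELECT title FROM news WHERE id=?", (news_id,)
    ).fetchall()


def probe(lookup, conn: sqlite3.Connection, value: str) -> bool:
    """Differential test from step 1: returns True when appending 'and 1=1'
    and 'and 1=2' to the parameter yields different results, i.e. the
    appended condition was evaluated by the database."""
    try:
        true_case = lookup(conn, value + " and 1=1")
        false_case = lookup(conn, value + " and 1=2")
    except sqlite3.Error:
        # A syntax error on the probe is itself worth noting during a test,
        # but this check only reports a clean TRUE/FALSE difference.
        return False
    return true_case != false_case


if __name__ == "__main__":
    db = make_db()
    print("vulnerable_lookup injectable:", probe(vulnerable_lookup, db, "1"))
    print("safe_lookup injectable:", probe(safe_lookup, db, "1"))
```

The parameterised lookup returns no rows for either probe (the text `1 and 1=1` does not equal any integer id), which is exactly the "identical response" outcome that marks the parameter as data rather than code.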


Overview of common
web related vulnerabilities
DanBUK (dan@f-box.org)


Organizations need a Web application scanning solution that can scan for security loopholes in Web-based applications to prevent would-be hackers from gaining unauthorized access to corporate applications and data. Web applications are proving to be the weakest link in overall corporate security, even though companies have left no stone unturned in installing the better-known network security and anti-virus solutions. Quick to take advantage of this vulnerability, hackers have now begun to use Web applications as a platform for gaining access to corporate data.



PHP is a terrific language for the rapid development of dynamic Websites. It also has many features that are friendly to beginning programmers, such as the fact that it doesn't require variable declarations. However, many of these features can lead a programmer inadvertently to allow security holes to creep into a Web application. The popular security mailing lists teem with notes of flaws identified in PHP applications, but PHP can be as secure as any other language once you understand the basic types of flaws PHP applications tend to exhibit.

In this article, I'll detail many of the common PHP programming mistakes that can result in security holes. By showing you what not to do, and how each particular flaw can be exploited, I hope that you'll understand not just how to avoid these particular mistakes, but also why they result in security vulnerabilities. Understanding each possible flaw will help you avoid making the same mistakes in your PHP applications.


Michael Schramm posted about another way to bypass image upload filters using alternate data streams on NTFS file systems. Pretty cool stuff (thinking outside the box of what a file really means on different systems). Here's his English translation:

It's all about the alternate file streams (ADS) in the NTFS file system (it's a "feature"); you have probably heard of them. With ADS, it's possible to insert additional data streams into a file besides its basic contents. For example, you could insert ads.txt into the file foobar.txt with "type ads.txt>foobar.txt:somedescriptor". A user won't notice that there is additional data in this file (even if the ADS contains several gigabytes); the file foobar.txt will still appear with its original size and contents in the file system. But anyway, this is not really essential for understanding what I've found out; I think you can inform yourself about ADS if you want.

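An added example, not Schramm's code and not from the original post, of why the `file:stream` syntax above matters to an upload filter. It assumes a filter that only inspects the trailing extension and a server that writes the submitted name unchanged to NTFS: for a name like `page.asp:.jpg` the extension check sees `.jpg`, but NTFS takes the part before the colon as the file name and stores the data in a stream named `.jpg` attached to a file called `page.asp`. The file names and allowed-extension list are constructed for illustration; the hardened check rejects stream and path syntax before it looks at the extension.

```python
"""Added example: extension-only upload filter versus NTFS ADS syntax.

Not from the original post. The allowed-extension list and the file names
used here are constructed for illustration; the filter is a hypothetical one.
"""
import os
import re

ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif"}

# Characters that are invalid in an NTFS file name, plus '/' and '\'.
# ':' is the stream separator ("name:stream"), so its presence means
# the caller is naming an alternate data stream.
_BAD_CHARS = re.compile(r'[<>:"/\\|?*\x00-\x1f]')


def naive_allowed(filename: str) -> bool:
    """Checks only the trailing extension, as many upload filters do."""
    return os.path.splitext(filename)[1].lower() in ALLOWED_EXT


def ntfs_target(filename: str) -> tuple:
    """Splits 'name:stream' the way NTFS interprets it: the text before the
    first ':' is the file that gets created, the rest names the stream.
    (Illustrative model; drive letters such as 'C:' are not handled.)"""
    name, _sep, stream = filename.partition(":")
    return name, stream


def hardened_allowed(filename: str) -> bool:
    """Rejects stream syntax, path separators and hidden/dot-only names,
    then checks the extension of the name that would actually be written."""
    if not filename or _BAD_CHARS.search(filename):
        return False
    base = os.path.basename(filename)
    if base != filename or base.startswith("."):
        return False
    return os.path.splitext(base)[1].lower() in ALLOWED_EXT


if __name__ == "__main__":
    for name in ("photo.jpg", "page.asp:.jpg", "foobar.txt:somedescriptor"):
        print(f"{name!r}: naive={naive_allowed(name)} "
              f"hardened={hardened_allowed(name)} ntfs={ntfs_target(name)}")
```

The point of `ntfs_target` is only to make the split visible: the extension the filter approved (`.jpg`) never becomes part of the file name the file system creates. Rejecting the colon outright is simpler and safer than trying to reason about which stream names are harmless.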

Javaphile
A Survey of Blind SQL Injection Attack Techniques
coolswallow of Javaphile (coolswallow@shaolin.org.cn)


Securing PHP: Approaches to Web Application Security
Stanislav Malyshev
stas@zend.com


Advanced SQL Injection In SQL Server
Applications
Chris Anley [chris@ngssoftware.com]


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
X Web Security - XSS & more X
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

