Hi friends, I have a php file at my site, and I connect to db, get some records and list them in same file. mysql_connect("localhost", "blabla", "blabla") or die(mysql_error()); mysql_select_db("blabla") or die(mysql_error()); $blabla1 = mysql_query("SELECT * FROM gallery WHERE id_cat=1"); $blabla2 = mysql_query("SELECT * FROM gallery...
Hi there, I posted a question yesterday, which I intend to get back to today however I wrote some JavaScript as a first line of prevention against XSS. However when testing this on my live server I catch some invalid input as the javascript catches the php section. My form uses post and php isn't in my form items (i haven't typed it in)....
Hi there, I have a site hosted on 1and1 and a couple of weeks ago I noticed a hacker had put a .php file on the server that when viewed in a browser exposed my DB schema, DB connection strings, FTP account (for file uploads using a form), etc, etc. Naturally I panicked and I wiped the server and reuploaded my files. Fortunatley I encrypt...
I recently obtained the l0pht-CD for windows and tried it out on my PC and It WORKS!! http://2600hertz.wordpress.com/2009/12/22/100-windows-xp-vista-7-password-recovery/ I have also read http://kestas.kuliukas.com/RainbowTables/ I'm designing a "Login-Simulator" that stores pwd-s in a similar manner. The current implementation w...
I'm part of a testing team and have been tasked with "behaving badly" using javascript in a firefox browser. I've tried these methods to take the browser down http://www.yuki-onna.co.uk/browserdeath.html but none of them do anything worse than cause a popup asking to shut down the script. Any other ideas? ...
I know about all the issues with session fixation and hijacking. My question is really basic: I want to create an authentication system with PHP. For that, after the login, I would just store the user id in the session. But: I've seen some people do weird things like generating a GUID for each user and session and storing that instead o...
Since I cannot find my answer in the almighty Google I decided to try Stackoverflow. I would like to know if there is such a thing as a list of hackathons or projects supporting them. The wikipedia article mostly talks about OpenBSD but I am quite sure that other projects have done such thing (I believe KDE and GNOME have done so) ...
I've got a fully custom PHP site with a lot of database calls. I just got injection hacked. This little chunk of code below showed up in dozens of my PHP pages. <?php /**/ eval(base64_decode(big string of code.... I've been pretty careful about my SQL calls and such; they're all in this format: $query = sprintf("UPDATE Sales SET `S...
I have the following array: 'tagline_p' => "I'm a <a href='#showcase'>multilingual web</a> developer, designer and translator. I'm here to <a href='#contact'>help you</a> reach a worldwide audience.", Should I escape the HTML tags inside the array to avoid hackings to my site? (How to escape them?) or is OK to have HTML tags inside a...
I am planning to prepare for CEH certification. I am sure there will be plenty of CEH @ StackOverflow. Please suggest me some freely available / downloadable eBooks. You can also suggest some good books even if it not free. ...
hi friends, how come have the code before hacked with SQL Injection :( $query = $this->db->query("SELECT * FROM users WHERE username = ? AND password = ?", array(mysql_real_escape_string($this->input->post('username')), mysql_real_escape_string(MD5($this->input->post('password'))))); appreciate helps!! ...
hello folks, I am following this EBook about Ethical Hacking, and I reached the Linux Exploit Chapter, this is the code with Aleph's 1 code. //shellcode.c char shellcode[] = //setuid(0) & Aleph1's famous shellcode, see ref. "\x31\xc0\x31\xdb\xb0\x17\xcd\x80" //setuid(0) first "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\...
I would like to ask the proactive (or paranoid;) among us: What are you looking for, and how? I'm thinking mainly about things that can be watched for programaticaly, rather than manually inspecting logs. For example: Manual/automated hack attempts Data skimming Bot registrations (that have evaded captcha etc.) Other unwanted beh...
hey folks, I have this piece of code to test a shellcode but I don't understand it so can anyone explain it to me??? forget about the assembly shellcode, what i want to understand is the C code char shellcode[] = "..."; int main(int argc, char **argv) { int (*func)(); func = (int (*)()) shellcode; (int)(*func)(); } I mean ev...
A lot of companies use CMS software that updates on the regular, often they are security fixes, implying that the previous version have security vulnerabilities. But most clients never upgrade this, or even the CMS has been modified so that an update would break the site. Are there sites that document these exploits, and instruct how to...
Hi I have a web form that sends a string to one php file which redirects them to a corresponding URL. I've searched about web form hacking and I've only received information about PHP and SQL... my site only uses a single PHP file, very basic etc. Would it be open to any exploits? I'm obviously not going to post the URL, but here is some...
Hi, I'm working on the web app which will be hosted on the client's server. There are various restrictions/security measures in place and I'm concerned that these can be "hacked" because the client will have a direct access to the ASP.Net user database through the SSMS. I can think of few ways to stop the user from doing this, but I...
I am allocating the array and freeing it every callback of an audio thread. The main user thread (a web browser) is constantly allocating and deallocating memory based on user input. I am sending the uninited float array to the audio card. (example in my page from my profile.) The idea is to hear program state changes. When I call mall...
Lets assume I am a game and I have a global int* that contains my health. A game trainer's job is to modify this value to whatever in order to achieve god mode. I've looked up tutorials on game trainers to understand how they work, and the general idea is to use a memory scanner to try and find the address of a certain value. Then modify...
Is it possible to add some kind of restriction to the web.config to limit URL parameter length? I want to prevent people at the earliest possible point from submitting too large URL parameters so the server doesn't get taxed more than necessary in the event that somebody tries to "attack" it with large invalid URL parameters. ...