Tutorials

PHP CGI Argument Injection With Metasploit Framework

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. When PHP is used in a CGI-based setup (such as Apache’s mod_cgid), in some configurations it’s possible to execute arbitrary code with the privileges of the web server. More about this Vulnerability –  When run […]

Tutorials

Apache Server Hardening – Kali Linux 2017

The Apache Web server is a remarkable piece of software. The basic package distributed by the Apache Software Foundation is quite complete and very powerful, and a lot of effort has gone into keeping it from suffering software bloat. One facet of the package makes it especially remarkable: it includes extensibility by design. Apache is the dominant […]

Tech Articles

Web Application Hacking Methodology

Web application hacking is not just about using automated tools to find common vulnerabilities. It is indeed a methodological approach that, if followed, would help reveal many more flaws and potential security vulnerabilities. The following section describes the systematic approach and process to be followed for testing the security of web applications. 1. Analyzing web applications The […]

Tutorials

SQL Injection – A Complete Understanding Tutorial

SQL injection is an attack to circumvent scripts using SQL queries, as is often the case on websites, and especially for user authentication systems. [#] Introduction – SQL, or Structured Query Language, is a Standard and standardized computer pseudo-language, intended to interrogate or manipulate a relational database – Wikipedia. Today, with the development of dynamic […]