Tutorials

PHP CGI Argument Injection With Metasploit Framework

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. When PHP is used in a CGI-based setup (such as Apache’s mod_cgid), in some configurations it’s possible to execute arbitrary code with the privileges of the web server. More about this Vulnerability –  When run […]

Tutorials

Apache Server Hardening – Kali Linux 2017

The Apache Web server is a remarkable piece of software. The basic package distributed by the Apache Software Foundation is quite complete and very powerful, and a lot of effort has gone into keeping it from suffering software bloat. One facet of the package makes it especially remarkable: it includes extensibility by design. Apache is the dominant […]

Tech Articles

Simple Tips to Prevent SQL Injection Vulnerability

As seen from the previous articles, SQL injection has the ability to attack a web server database, compromise critical information, and expose the server and the database to a variety of malicious exploits; however, there are measures that can be applied to mitigate SQL injection attacks. Use of these practices does not guarantee that SQL […]

Tech Articles

50 Important terms related to Database – Updated List 2017

1. Character Set: A character set is a specification that determines the set of codes used to represent the characters of a particular language or set of languages. Among the oldest character sets is the ASCII (American Standard Code for Information Interchange) character set, in which the letter A is coded by the integer 65. […]

Tech Articles

Mitigations for Common Web Application Flaws

The most prominent components of web applications that intruders will first seek to exploit are vulnerabilities within the web platform. The web platform commonly includes: Web server software (such as IIS or Apache). Extensions to the web server, such as ISAPI filters and extensions, or Apache modules. Dynamic execution environments like ASP.NET, PHP, and J2EE […]

Tech Articles

Web Application Hacking Methodology

Web application hacking is not just about using automated tools to find common vulnerabilities. It is indeed a methodological approach that, if followed, would help reveal many more flaws and potential security vulnerabilities. The following section describes the systematic approach and process to be followed for testing the security of web applications. 1. Analyzing web applications The […]

Tutorials

SQL Injection – A Complete Understanding Tutorial

SQL injection is an attack to circumvent scripts using SQL queries, as is often the case on websites, and especially for user authentication systems. [#] Introduction – SQL, or Structured Query Language, is a Standard and standardized computer pseudo-language, intended to interrogate or manipulate a relational database – Wikipedia. Today, with the development of dynamic […]

Q&A

Top 40 XSS (Cross Site Scripting) Revision Questions with Answers

The below questions and answers are designed to both measure your understanding of the concepts of XSS -Cross Site Scripting Attacks and Prevention. Q1: What is the difference between HTML Injection and XSS? A: Both of them refer to exactly the same thing. In one of the situations, the attacker injected valid HTML tags, while […]

Tutorials

Maintaining Access with Web Backdoors [Weevely]

Once a web server and its services have been compromised, it is important to ensure that secure access can be maintained. This is usually accomplished with the aid of a web shell—a small program that provides stealth backdoor access and allows the use of system commands to facilitate post-exploitation activities. Kali comes with several web shells; here […]

Tutorials

Find Real IP behind CloudFlare with CloudSnare Python Script

CloudFlare is one of the most popular CDN provider who offers a complete package of WAF i.e. Web Application Firewall and DDOS Protection (Distributed Denial of Service) for websites. List of Features – Stop attacks directed at a website Dynamically modify content in order to improve performance Insert applications into web pages Provide rich analytics […]