Today we will learn about SQL Injection by Untrusted Data Parsing. In our previous article we learned about "SQL Injection basics", which is #1 among injection attacks. We learned that SQL Injection mainly occurs because of three things: 1. Untrusted data parsing. 2. Dynamic query creation from user data. 3. Escape sequences and encoded character set parsing. Today we are going to learn about SQL Injection by Untrusted Data Parsing: how data from an untrusted source can result in a SQL Injection flaw. SQL Injection by Untrusted Data Parsing What is untrusted …
Featured Articles
Editorial Picks
Latest Blog Updates
SQL Injection – INJECTION ATTACKS – OWASP #1 VULNERABILITY – PART 2
Today we will learn about SQL Injection basics. In the previous article, "INJECTION ATTACKS TUTORIAL - OWASP #1 VULNERABILITY - PART 1", we learned about injection attack basics and the types of injection attacks. As we learned there, injection means adding something extra into code that changes the actual behavior of the code or query. Similarly, SQL Injection means adding something extra into a SQL query, which makes the query deviate from its actual behavior. SQL Injection - Injection Attacks What is SQL Injection? SQL injection is an attack in which malicious …
Injection Attacks Tutorial – OWASP #1 Vulnerability – Part 1
Injection attacks are the most popular attacks among hackers, topping OWASP's Top 10 Vulnerability list every year. Injection is an entire class of attacks that rely on injecting data into a web application in order to facilitate the execution or interpretation of malicious data in an unexpected manner. So friends, let's learn about injection attacks from the very beginning. Injection attacks are popular because of 4 basic things: 1. Easy to exploit. 2. Hard to secure (i.e. compromise on dynamic query usage). 3. Coder's negligence (i.e. deciding character set, stored procedures usage issues, …
DNSRECON Tool Tutorial Hackingloops | KYB Tutorial 4
Welcome, friends, to KYB (Know Your Backtrack) Tutorial 4. Today I am going to teach you another interesting DNS information gathering tool: the DNSRECON Tool. Like other DNS tools, the DNSRECON Tool is used to enumerate the standard records of a domain, such as A, NS, SOA, MX etc. So friends, let's learn all about the DNSRECON Tool on Backtrack 5. Dnsrecon KYB Tutorial 4: Information gathering tool on Backtrack Linux. Below is the list of things that we can do using the DNSRECON Tool: Top level domain expansion (Zone Walking and Zone Transfer); Reverse Lookup against IP range; Perform general DNS …
How to Share Remote Screens and Control PC Without Any Software in Windows
Remote sharing is at its peak nowadays. People use remote sharing to provide live support or to share screens. Most of us use third-party software for sharing or controlling remote systems, like Teamviewer or Radmin. Today I am going to teach you how to connect any two (or more) Windows PCs remotely, without using a third-party tool. Windows Remote Assistance without any external software. As we all know, Windows OS is full of hidden programs that are only limited to developers or geeks. Today we are going to learn about the MSRA (Windows Remote Assistance) executable. MSRA is …