Attacking Other Users
The majority of interesting attacks against web applications involve targeting the server-side application itself. Many of these attacks do of course
Read moreETHICAL HACKING
Avoiding Logic Flaws
Just as there is no unique signature by which logic flaws in web applications can be identified, there is also
Read moreReal-World Logic Flaws
The best way to learn about logic flaws is not by theorizing, but through acquaintance with some actual examples. Although
Read moreAttacking Application Logic
All web applications employ logic in order to deliver their functionality. Writing code in a programming language involves at its
Read morePreventing Path Traversal Vulnerabilities
By far the most effective means of eliminating path traversal vulnerabilities is to avoid passing user-submitted data to any file
Read moreInjecting into LDAP
The Lightweight Directory Access Protocol (LDAP) is used for accessing directory services over a network. A directory is a hierarchically
Read moreInjecting into SMTP
Many applications contain a facility for users to submit messages via the application; for example, to report a problem to
Read moreFile Inclusion Vulnerabilities
Many scripting languages support the use of include files. This facility enables developers to place reusable code components into individual
Read moreInjecting into Web Scripting Languages
The core logic of most web applications is written in interpreted scripting languages like PHP, VBScript, and Perl. In addition
Read moreExploiting ODBC Error Messages (MS-SQL Only)
If you are attacking an MS-SQL database, then there are alternative ways available of discovering the names of database tables
Read more