web - Eduguru

Tutorial Web Hosting Website

Preventing Path Traversal Vulnerabilities

May 11, 2020 Krishna ETHICAL HACKING, Exploiting Path Traversal, HACKING, Preventing Path Traversal Vulnerabilities, security, web, web application, web security, web-app, web-site

By far the most effective means of eliminating path traversal vulnerabilities is to avoid passing user-submitted data to any file

Tutorial Web Hosting Website

Exploiting ODBC Error Messages (MS-SQL Only)

May 6, 2020 Krishna Enumerating Table and Column Names, ETHICAL HACKING, Exploiting ODBC Error Messages (MS-SQL Only), Extracting Arbitrary Data, HACKING, Injecting Code, Using Recursion, web, web-app, web-app-hack, web-site, web-site hacking

If you are attacking an MS-SQL database, then there are alternative ways available of discovering the names of database tables

Tutorial Web Hosting Website

Extracting Useful Data

May 6, 2020 Krishna An MS-SQL Hack, An Oracle Hack, ETHICAL HACKING, Extracting Useful Data, HACKING, Injecting Code, security, wab-hack, web, web-app, web-app-hack, web-site, web-site-hack, website

In order to extract useful data from the database, you normally need to know the names of the tables and

Tutorial Web Hosting Website

Fingerprinting the Database

May 6, 2020 Krishna Fingerprinting the Database, HACKING, html, Injecting Code, Linux, MS-SQL, Oracle, security, web, web-app, web-app-hack, web-site-hack

Most of the techniques described so far are effective against all of the common database platforms, and any divergences have

Tutorial Web Hosting Website

Injecting into SQL

May 6, 2020May 6, 2020 Krishna Bypassing a Login, Exploiting a Basic Vulnerability, http, Injecting Code, Injecting into SQL, Linux, PHP, SQL injection, web, web hacking, web-app, web-app-hack, web-site

Almost every web application employs a database to store the various kinds of information that it needs in order to

Tutorial Web Hosting Website

Disclosure of Tokens in Logs

May 5, 2020 Krishna Attacking Session Management, Disclosure of Tokens in Logs, ETHICAL HACKING, HACKING, web, web application, web hacking, web-hack, website

Aside from the clear-text transmission of session tokens in network communications, the most common place where tokens are simply disclosed

Tutorial Web Hosting Website

Securing Authentication

May 4, 2020 Krishna Attacking Authentication, Handle Credentials Secretively, INTERNET, Prevent Brute-Force Attacks, Prevent Information Leakage, Prevent Misuse of the Password Change Function, Use Strong Credentials, Validate Credentials Properly, web, web hacking, website hacking

Implementing a secure authentication solution involves attempting to simultaneously meet several key security objectives, and in many cases trade off