Vulnerable Web Server Software
Web server products range from extremely simple and lightweight software which does little more than serve up static pages, to
Read moreweb-app-hack
Technical Challenges Faced by Vulnerability Scanners
The barriers to automation described previously lead to a number of specific technical challenges that must be addressed in the
Read moreAttacking ActiveX Controls
ActiveX controls are of particular interest to an attacker who is targeting other users. When an application installs a control
Read moreJSON Hijacking
JSON hijacking is a special version of an XSRF attack, which in certain circumstances can violate the objectives of the
Read moreFrame Injection
Frame injection is a relatively simple vulnerability that arises from the fact that in many browsers, if a web site
Read moreHTTP Header Injection
HTTP header injection vulnerabilities arise when user-controllable data is inserted in an unsafe manner into an HTTP header returned by
Read moreFile Inclusion Vulnerabilities
Many scripting languages support the use of include files. This facility enables developers to place reusable code components into individual
Read moreExploiting ODBC Error Messages (MS-SQL Only)
If you are attacking an MS-SQL database, then there are alternative ways available of discovering the names of database tables
Read moreExtracting Useful Data
In order to extract useful data from the database, you normally need to know the names of the tables and
Read moreFingerprinting the Database
Most of the techniques described so far are effective against all of the common database platforms, and any divergences have
Read more