web-site hacking - Eduguru

Tutorial Web Hosting Website

Injecting into XPath

May 7, 2020 Krishna Blind XPath Injection, Finding XPath Injection Flaws, Informed XPath Injection, Injecting Code, Injecting into XPath, Preventing XPath Injection, Subverting Application Logic, web-app, web-app-hacking, web-site, web-site hacking

The XML Path Language (or XPath) is an interpreted language used for navigating around XML documents, and for retrieving data

Tutorial Web Hosting Website

Injecting into SOAP

May 7, 2020May 7, 2020 Krishna Finding and Exploiting SOAP Injection, Injecting Code, Injecting into SOAP, Preventing Script Injection Vulnerabilities, Preventing SOAP Injection, web security, web-app, web-app-hacking, web-app-security, web-site, web-site hacking

The Simple Object Access Protocol (SOAP) is a message-based communications technology that uses the XML format to encapsulate data. It

Tutorial Web Hosting Website

Exploiting ODBC Error Messages (MS-SQL Only)

May 6, 2020 Krishna Enumerating Table and Column Names, ETHICAL HACKING, Exploiting ODBC Error Messages (MS-SQL Only), Extracting Arbitrary Data, HACKING, Injecting Code, Using Recursion, web, web-app, web-app-hack, web-site, web-site hacking

If you are attacking an MS-SQL database, then there are alternative ways available of discovering the names of database tables

Tutorial Web Hosting Website

A Multi-Layered Privilege Model

May 5, 2020 Krishna A Multi-Layered Privilege Model, Attacking Access Controls, Declarative control, Discretionary access control, HACKING, Programmatic control, Role-based access control, web-app, web-app-hacking, web-site, web-site hacking

Issues relating to access apply not only to the web application itself but also to the other infrastructure tiers which

Tutorial Web Hosting Website

Liberal Cookie Scope

May 5, 2020May 5, 2020 Krishna Attacking Session Management, Cookie Domain Restrictions, Cookie Path Restrictions, HACKING, Liberal Cookie Scope, web-app-hacking, web-site hacking

The usual simple summary of how cookies work is that the server issues a cookie using the HTTP response header

Tutorial Web Hosting Website

Attacking Session Management

May 4, 2020 Krishna Alternatives to Sessions, Attacking Session Management, HACKING, HTTP Authentication, Sessionless state mechanisms, The Need for State, web hacking, web-site hacking, website

The session management mechanism is a fundamental security component in the majority of web applications. It is what enables the