
Penetration Testing (WAPT) 202

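Advanced SQL Injection: Summary of Attack Cases. 1 Overview; 1.1 SQL Query; 1.2 DML & DDL; 1.3 Metadata; 1.4 Web applications; 1.5 Typical vulnerable login query; 2 SQL Injection testing methodology; 1) Input validation; 2) Information gathering; 3) 1=1 Attacks; 5) OS Interaction; 6) OS command prompt; 7) Extended effects; 3 Evasion techniques; 3.1 Overview; 3.2 Bypassing IDS "signatures"; 3.3 Bypassing input validation; 3.4 Evasion and circumvention; 4 SQL Injection countermeasures; 4.1 Overview; 4.2 Detection and limiting; 4.3 Conclusion; ※ References and documents. 1 Overview: SQL (Structured Query Language) is a standard that lets users access databases. At present, SQL99 is for the most part the standard for the SQL language. SQL.. 2012. 5. 21.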
Exploit Pack - Web Security Edition [New tool] This tool allows you to take control of remote browsers, steal social network credentials, obtain persistence on it, DDoS and more. Demo: Main features: - Hacking of Gmail, Yahoo, Facebook, Live, Linkedin - Session persistence - 0day exploits included - Remote browser control - DDoS by creating botnets - Launch remote exploits - Steal credentials Questions? support () exploitpack com Official si.. 2012. 4. 24.
sqlifuzzer: Command Line SQL Injection Web Scanner Features of Sqlifuzzer: Payloads/tests for numeric, string, error and time-based SQL injection Support for MSSQL, MYSQL and Oracle DBMS’s Automated testing of ‘tricky’ parameters like POST URL query and multipart form parameters A range of filter evasion options: case variation, nesting, double URL encoding, comments for spaces, ‘like’ for ‘equals’ operator, intermediary characters, null and CRLF.. 2012. 4. 17.
Dmitry + gooscan + Maltego explained Source: http://www.youtube.com/user/zer0c0oI/videos 2012. 4. 9.
Nmap – Techniques for Avoiding Firewalls As a penetration tester you will come across systems that are behind firewalls that block you from getting the information you want. So you will need to know how to avoid the firewall rules that are in place and to discover information about a host. This step in a penetration test is called Firewall Evasion Rules. Nmap offers a lot of options for firewall evasion so in t.. 2012. 4. 3.