모의해킹 (WAPT)171 PostgreSQL Shell Injection Shell InjectionPostgreSQL provides a mechanism to add custom functions by using both Dynamic Library and scripting languages such as python, perl, and tcl. Dynamic LibraryUntil PostgreSQL 8.1, it was possible to add a custom function linked with libc: CREATE FUNCTION system(cstring) RETURNS int AS '/lib/libc.so.6', 'system' LANGUAGE 'C' STRICT Since system returns an int how we can fetch results.. 2010. 8. 5. SQL Injection Vulnerability SQL Injection Vulnerabilities Green Shop [x] Tybe: SQL Injection Vulnerabilities [x] Vendor: egreen.ir [x] Script Name: Green Shop [x] author: Ashiyane Digital Security Team [x] Thanks To N4H [?] Submit By PrinceofHacking ^_^ [x] Mail : Prince[dot]H4ck@gmail[dot]com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ D0rk: "egreen.ir" Exploit: http://site.org/index.php?pid=[SQLi] Ex: http://site.org/index.ph.. 2010. 7. 8. Web Vulnerability Scanners Comparison Acunetix Web Vulnerability Scanner placed first in a paper released by Adam Doup´e, Marco Cova, and Giovanni Vigna from the University of California, Santa Barbara. In the paper “Why Johnny Can’t Pentest: An Analysis of Black-box Web Vulnerability Scanners”, the authors compared the capalities of eleven black box web security scanners (both commercial and open source) against a realistic test we.. 2010. 7. 8. Testing for Directory Traversal Black Box testing and example (a) Input Vectors Enumeration In order to determine which part of the application is vulnerable to input validation bypassing, the tester needs to enumerate all parts of the application which accept content from the user. This also includes HTTP GET and POST queries and common options like file uploads and HTML forms. Here are some examples of the checks to be perfo.. 2010. 6. 1. SQL Injection and Signature Evasion SQL-Injection: Attack-Types 2010. 5. 31. 이전 1 ··· 25 26 27 28 29 30 31 ··· 35 다음
