본문 바로가기

모의해킹 (WAPT)179

Web Vulnerability Scanners Comparison Acunetix Web Vulnerability Scanner placed first in a paper released by Adam Doup´e, Marco Cova, and Giovanni Vigna from the University of California, Santa Barbara. In the paper “Why Johnny Can’t Pentest: An Analysis of Black-box Web Vulnerability Scanners”, the authors compared the capalities of eleven black box web security scanners (both commercial and open source) against a realistic test we.. 2010. 7. 8.
Testing for Directory Traversal Black Box testing and example (a) Input Vectors Enumeration In order to determine which part of the application is vulnerable to input validation bypassing, the tester needs to enumerate all parts of the application which accept content from the user. This also includes HTTP GET and POST queries and common options like file uploads and HTML forms. Here are some examples of the checks to be perfo.. 2010. 6. 1.
SQL Injection and Signature Evasion SQL-Injection: Attack-Types 2010. 5. 31.
sqlninja - a SQL Server injection & takeover tool Sqlninja's goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv2. There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on getting an interactive shell on the remote DB server and using it as a foothold in the target network. In a nutshell, here's what i.. 2010. 5. 25.
Remote file include in appserv 2.4.5 ====================================================================== Remote file include in appserv 2.4.5 (possible in previous versions) ====================================================================== [ What is Appserv ] AppServ is the Apache/PHP/MySQL open source software installer packages. Objective : - Easy to buid Webserver and Database Server - For those who just beginning client.. 2010. 5. 14.
728x90