본문 바로가기

모의해킹 (WAPT)197

728x90
입력값 유효성 검사 문자들 개발 진행시 부주의로 인해 불필요한 문자를 허용하고 있다. 문자와 응용 프로그램에 전달되는 의미를 다룬다. 문자 세부사항 NULL or null 종종 웹 응용 프로그램으로 흥미있는 오류 메시지를 볼 수 있다. PL/SQL 경우 확인할 수 있다. ( ', ";, SQL, XPath 그리고 XML Injection 테스트에 사용되는 SQL 문자열 또는 쿼리에 사용된다. (-, =, +, ") 고급 SQL Injection 쿼리에 사용된다. ( ', &,! , |, ) 명령 실행 취약성을 발견하는 데 사용된다. "> 기본적인 Cross-Site Scripting 점검에 사용된다. {%0d , %0a} Carriage Return Line Feed (새줄); 모든 특수 기능. {%7f , %ff} 바이트 길이 .. 2010. 8. 12.
PostgreSQL Shell Injection Shell InjectionPostgreSQL provides a mechanism to add custom functions by using both Dynamic Library and scripting languages such as python, perl, and tcl. Dynamic LibraryUntil PostgreSQL 8.1, it was possible to add a custom function linked with libc: CREATE FUNCTION system(cstring) RETURNS int AS '/lib/libc.so.6', 'system' LANGUAGE 'C' STRICT Since system returns an int how we can fetch results.. 2010. 8. 5.
SQL Injection Vulnerability SQL Injection Vulnerabilities Green Shop [x] Tybe: SQL Injection Vulnerabilities [x] Vendor: egreen.ir [x] Script Name: Green Shop [x] author: Ashiyane Digital Security Team [x] Thanks To N4H [?] Submit By PrinceofHacking ^_^ [x] Mail : Prince[dot]H4ck@gmail[dot]com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ D0rk: "egreen.ir" Exploit: http://site.org/index.php?pid=[SQLi] Ex: http://site.org/index.ph.. 2010. 7. 8.
Web Vulnerability Scanners Comparison Acunetix Web Vulnerability Scanner placed first in a paper released by Adam Doup´e, Marco Cova, and Giovanni Vigna from the University of California, Santa Barbara. In the paper “Why Johnny Can’t Pentest: An Analysis of Black-box Web Vulnerability Scanners”, the authors compared the capalities of eleven black box web security scanners (both commercial and open source) against a realistic test we.. 2010. 7. 8.
Testing for Directory Traversal Black Box testing and example (a) Input Vectors Enumeration In order to determine which part of the application is vulnerable to input validation bypassing, the tester needs to enumerate all parts of the application which accept content from the user. This also includes HTTP GET and POST queries and common options like file uploads and HTML forms. Here are some examples of the checks to be perfo.. 2010. 6. 1.
728x90
728x90

티스토리툴바