Top 50 Web Hacking Techniques

This post will serve to collect new attack techniques as they are published. If you think something should be added, please comment below and I'll add them. "Every year the Web security community produces a stunning amount of new hacking techniques published in various white papers, blog posts, magazine articles, mailing list emails, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. Beyond individual vulnerability instances with CVE numbers or system compromises, we're talking about actual new and creative methods of Web-based attack. The Top Ten Web Hacking Techniques list encourages information sharing, provides a centralized knowledge-base, and recognizes researchers who contribute excellent work." Current 2011 List Bypassing Flash’s local-with-filesystem Sandbox Abusing HTTP Status Codes to Expose Private Information SpyTunes: Find out what iTunes music someone else has CSRF: Fla...

PHP / SQL Security – The Big Picture

Web Security Whether your site is the web presence for a large multinational, a gallery showing your product range and inviting potential customers to come into the shop, or a personal site exhibiting your holiday photos, web security matters. After the hard work put in to make your site look good and respond to your users, the last thing you want is for a malicious hacker to come along, perform a PHP hack and break it somehow. There are a number of problems in web security, and unfortunately not all of them have definite solutions, but here we'll look at some of the problems that should be considered every time you set out to write a PHP script, so as to avoid a PHP hack attack. These are the problems which, with well-designed code, can be eliminated entirely. Before looking in detail at the solutions, though, let's take a moment to define the problems themselves. SQL Injection In this attack, a user is able to execute SQL queries in your website's database. This attack is u...

PHP / SQL Security – SQL Commands and Non-String Variables

SQL Injection SQL (Structured Query Language) is the language used to interface with many database systems, including MySQL, PostgreSQL and MSSQL. Certain words and characters are interpreted specially by SQL, as commands, separators, or command terminators, for instance. When a user enters data into a form, there is nothing stopping them from entering these special commands and characters. Consider the PHP code below: $query = "INSERT INTO orders(address) VALUES('{$_GET['address']}')"; $result = mysql_query($query); A form with a textbox named address would be used to gather the information for this page. We'll ignore any other form elements for now, but obviously there'd be the order items, a name, possibly a price, a delivery date, and so on, which would also all need storing in a database. Imagine a perfectly legitimate user comes along and enters the following address: 14 King's Way Kingston Kingham County The database would spit back an error b...

What is SQL Injection and How to Prevent It

SQL Injection is one of the many web attack mechanisms used by hackers to steal data from your database. It is a type of attack that takes advantage of improper coding in your web applications, allowing a hacker to inject SQL commands into, say, a login form in order to gain access to the data held within your database. If inputs are not sanitized properly, web applications may be vulnerable to SQL Injection attacks that allow hackers to view information from the database and/or even wipe it out. SQL Injection: A Simple Example Take a simple login page where a legitimate user would enter his username and password combination to enter a secure area to view his personal details or upload his comments in a forum. When the legitimate user submits his details, an SQL query is generated from these details and submitted to the database for verification. If valid, the user is allowed access. In other words, the web application that controls the login page will communicate with the...

WEBSITE SECURITY (BUSINESS LOGIC VULNERABILITIES)

Abuse of Functionality An attack that uses a website's own features and functionality to consume resources, defraud, or circumvent access control mechanisms. Some functions, including security features, may be abused to cause unexpected behavior, annoy other users, or perhaps defraud the system entirely. Abuse of Functionality techniques are often intertwined with other categories of Web application attacks, such as performing an encoding attack to introduce a query string that turns a web search function into a remote web proxy. Abuse of Functionality attacks are also commonly used as a force multiplier. For example, an attacker can inject a Cross-Site Scripting snippet into a web-chat session, then use the built-in broadcast function to propagate the malicious code site-wide. Brute Force An automated process of trial and error used to guess a person's username, password, credit-card number or cryptographic key. Many systems will allow the use of weak passwords or small cryptogr...