Posts

Showing posts from September, 2015

Top 50 Web Hacking Techniques

This post will serve to collect new attack techniques as they are published. If you think something should be added, please comment below and I'll add them.

"Every year the Web security community produces a stunning amount of new hacking techniques published in various white papers, blog posts, magazine articles, mailing list emails, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. Beyond individual vulnerability instances with CVE numbers or system compromises, we're talking about actual new and creative methods of Web-based attack. The Top Ten Web Hacking Techniques list encourages information sharing, provides a centralized knowledge-base, and recognizes researchers who contribute excellent work."

Current 2011 List

Bypassing Flash’s local-with-filesystem Sandbox
Abusing HTTP Status Codes to Expose Private Information
SpyTunes: Find out what iTunes music someone else has
CSRF: Fla

PHP / SQL Security – The Big Picture

Web Security

Whether your site is the web presence for a large multinational, a gallery showing your product range and inviting potential customers to come into the shop, or a personal site exhibiting your holiday photos, web security matters. After the hard work put in to make your site look good and respond to your users, the last thing you want is for a malicious hacker to come along, perform a PHP hack and break it somehow.

There are a number of problems in web security, and unfortunately not all of them have definite solutions, but here we'll look at some of the problems that should be considered every time you set out to write a PHP script to avoid a PHP hack attack. These are the problems which, with well-designed code, can be eliminated entirely. Before looking in detail at the solutions, though, let's take a moment to define the problems themselves.

SQL Injection

In this attack, a user is able to execute SQL queries in your website's database. This attack is u

PHP / SQL Security – SQL Commands and Non-String Variables

SQL Injection

SQL (Structured Query Language) is the language used to interface with many database systems, including MySQL, PostgreSQL and MSSQL. Certain words and characters are interpreted specially by SQL, as commands, separators, or command terminators, for instance. When a user enters data into a form, there is nothing stopping them entering these special commands and characters. Consider the PHP code below:

    // The form value is placed into the SQL string exactly as the user typed it
    $query = "INSERT INTO orders(address) VALUES('{$_GET['address']}')";
    $result = mysql_query($query);

A form with a textbox named address would be used to gather the information for this page. We'll ignore any other form elements for now, but obviously there'd be the order items, a name, possibly a price, a delivery date, and so on, which would also all need storing in a database. Imagine a perfectly legitimate user comes along and enters the following address:

    14 King's Way Kingston Kingham County

The database would spit back an error b