Ideas, Observations & Stories in Cybersecurity
As I discussed in my previous post that we can exploit Union Based SQL Injection with the help of manual SQL queries. now we will do the same exercise with a Python based tool SQLMAP. Note:- This tutorial is being carried out on demo test site provided by ACUNETIX, You can also try on the same website. Sqlmap…
Sqlmap is arguably the most popular tool for exploitation of sql injection vulnerability and database takeover. It is completely automated and customization depending upon the server or database configurations. This tool provides wide ranges of flags which can be used to trigger an attack in an effective manner. It is completely open-source in terms of…
What is OS Command Injection OS Command Injection is a vulnerability which describes improper neutralization of special elements. It can result in modification of the intended OS command that is sent to a downstream component. So, OS command injection weaknesses can expose an environment to an attacker even if he does not have direct access…
Hello folks ! I know it has been a long while since I wrote on this weblog. But the start of this year was much enthusiastic in terms of newly discovered vulnerabilities. Yes I am talking about Spectre and Meltdown So today we will discuss about Meltdown. What the heck it is ! Spectre and Meltdown…
Traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network. It utilizes the IP protocol’s time to live (TTL) field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to the host. This tool verifies the…
Hello Guys !! Hope the new year started good for you all. Continuing my previous statement of “sometimes functionality leads to vulnerability..”, I am gonna start discussing this another feature of the browser which can lead to leaking sensitive information like your passwords and sometimes even you complete Credit Card details. Definitely there are scenarios…
CSV Macro Injection : It’s rather a trick to abuse the functionality… Application security is quite a tricky domain. Just imagine for all those years when you thought something as a functionality of the application and suddenly it turns out to be a vulnerability which can be exploited to take down your system completely. CSV…
We have seen a lot of DoS (Denial of Service) attacks in recent times. An old but promising solution to DoS attacks in web applications is to have CAPTCHA implemented in the publicly available form/pages. However, all CAPTCHA implementations are not quite safe, and some implementations would give the user a headache. There are recent…
Why Mobile Application Security? With the ever increasing penetration of Mobile apps into our day to day life, it’s imperative that Mobile Applications will be at the behest of hackers and Security professionals likewise. Thanks to phenomenal advances in mobile device capabilities, everything from shopping, banking, recharge, booking tickets and many such activities are performed…
Most of the time folks find it really difficult to test web services. It is because we don't have proper knowledge of web services. Before any testing it is important to understand the system, we should know what can be the positive and negative sides of the technology and implementations of that application. Lets dive…