Multiple Web applications vulnerabilities

v1.0

By MEGABRAKER, NullArea Team


Summary:

Introduction to web application security

I- SQL injection vulnerabilities

1-Introduction to SQL language and Queries.

2-SQL injection vulnerabilities (finding the bug).

3-SQL injection exploitation.

4-Preventing SQL injection.

II-XSS (cross site scripting)

1-Introduction to JS, AJAX language.

2-XSS vulnerabilities (finding the bug).

3-XSS vulnerabilities types.

4-XSS vulnerabilities exploitation.

5-Preventing XSS.

III-HTML vulnerabilities

1-Introduction.

2-HTML vulnerabilities (finding the bug).

3-HTML vulnerabilities exploitation

4-Preventing the vulnerability

IV-Local file inclusion vulnerabilities

1-Introduction.

2-Example of vulnerability.

3-Exploiting the vulnerability.

4-Preventing Local file inclusion vulnerabilities.

V-Remote file include

1-Introduction.

2-Finding the bug.

3-Exploiting the bug.

4-Preventing Remote file inclusion.

VI-Application Buffer Overflow

VII-CONCLUSION

Useful links:)


Continue Reading .....

The final release of BT4 is out.

Date : 11-01-2010

Source : http://www.remote-exploit.org/news.html

Downloads : http://www.backtrack-linux.org/downloads/ (ISO image, VM image)

Some information about the release (news, updates, developments...) will follow.

Best regards

./d4rkfocus


Continue Reading .....

#########################################################
#                                             SQL INJECTOR V2.0
#########################################################
# [+] What’s New in this version ?
# 1/ Evasion choice
# 2/ Proxy support
# 3/ All previous bugs were fixed
# 4/ URL Extractor + vuln scanner & checker
# 5/ More InJeCtIoN OPTIONS
#########################################################
# Language : PERL
# Coder    : AlpHaNiX
#########################################################

# Available Options :
–/// MySQL
MySQL column length calculator            MySQL v4/5
MySQL target website db global infos      MySQL v4/5
MySQL Full Schema Extractor               MySQL v5
MySQL Data Dump                           MySQL v4/5
MySQL load_file fuzzer                    MySQL v4/5
MySQL Table_name Fuzzer                   MySQL v4
MySQL Column_name Fuzzer                  MySQL v4
–/// MsSQL
MsSQL DB global info
MsSQL Tables Extractor
MsSQL Columns Extractor
MsSQL Data Dumper
–/// Vulnerability Scanner
URL Extractor, SQL Vulnerability Scanner & checker


Continue Reading .....

By D4rkFocus

[ Summary ]

0x000: Intro

0x001: Writing your robots.txt file

0x010: Robots.txt in the hands of attackers

0x011: Solutions

0x100: Biblio

==============================


Continue Reading .....

#########################################

–= Summary =–

0x000 - What’s an SSL Encryption
0x001 - What’s Stunnel
0x002 - Benefits
0x003 - Download
0x004 - Links

#########################################


Continue Reading .....
