Archive for the ‘Server Security’ Category

Using Cookies For Selective DoS and State Detection

August 22nd, 2010 No comments

This is a continuation of the first post where we described how you can use cookies to DoS certain portions of the website. After our speech one of the Mozilla guys came up to us and described another attack that arises from this. Let’s say when a user logs in it sets a cookie that is 200 bytes long, and when they log out it re-sets the same cookie to 50 bytes. Well, if the attacker can set a cookie with a particular path to a single image on the site, for instance, they can use JavaScript to check with an onerror event handler to see if the image has loaded.

Using Cookies For Selective DoS

August 22nd, 2010 No comments

blind sql injections

April 19th, 2010 No comments

Google Dork:
inurl:”id=” & intext:”Warning: mysql_fetch_assoc()
inurl:”id=” & intext:”Warning: mysql_fetch_array()
inurl:”id=” & intext:”Warning: mysql_num_rows()
inurl:”id=” & intext:”Warning: session_start()
inurl:”id=” & intext:”Warning: getimagesize()
inurl:”id=” & intext:”Warning: is_writable()
inurl:”id=” & intext:”Warning: Unknown()
inurl:”id=” & intext:”Warning: mysql_result()
inurl:”id=” & intext:”Warning: pg_exec()
inurl:”id=” & intext:”Warning: mysql_query()
inurl:”id=” & intext:”Warning: array_merge()
inurl:”id=” & intext:”Warning: preg_match()
inurl:”id=” & intext:”Warning: filesize()
inurl:”id=” & intext:”Warning: require()

Turn your keyboard LEDs into network activity indicators with a free app

December 7th, 2009 No comments

Since we talk about hacking, how about a little desktop/networking hack – how cool is it to have the LEDs on your keyboard blink as you transfer data over the network :) Try Network Lights and let us know. Windows only.

Your Password Will Never Get Stolen With the Safelock Keyboard [Microsoft]

October 9th, 2009 No comments

15 Steps to Make a Windows 7 Bootable Disk

October 9th, 2009 2 comments

Computer Network Denial Of Service Denial

October 1st, 2009 No comments

Denial of Service (DoS) and distributed Denial of Service (DDoS) attacks involve an attempt to make a computer resource unavailable to its intended users. This may simply be for malicious purposes as is often the case when big commercial or famous web sites undergo a DDoS attack. However, it is also possible to exploit the system’s response to such an attack to break system firewalls, access virtual private networks, and to access other private resources. A DoS attack can also be used to affect a complete network or even a whole section of the Internet.

The Top 10 Web Application security vulnerabilities

September 30th, 2009 No comments

Quick comparison of MyISAM, Infobright, and MonetDB (mysql)

September 30th, 2009 2 comments

Recently I was doing a little work for a client who has MyISAM tables with many columns (the same one Peter wrote about recently). The client’s performance is suffering in part because of the number of columns, which is over 200. The queries are generally pretty simple (sums of columns), but they’re ad-hoc (can access any columns) and it seems tailor-made for a column-oriented database.

SQL WHERE Clause Optimization

September 25th, 2009 No comments
