Today I’ve been accidentally paying attention to a php code that reminds me a issue that it ain’t totally important how long has somebody been in programing world , just his ability to reduction and maintenance ! … Read more
Hello everybody , after a insufferable weak that I complain with , I’m here to post up the blog , I’ve recently been occupied by penetration test on some web applications , while these days I’ve frequently seen several bypasses for php and I just wondered , the vulnerabilities are advancing coming out faster than I thought they would … Read more
You may be announced of my web site hacked few days ago , it was around five O’clock , I was received an instant message of defacement of the sc0rpion.ir , I knew that it’s not an imbalance , each site has approximately been hacked one time till today . … Read more
This publishing is around bonus stuff which I’ve considered ,MySQL injection , I had written a query :
/page.php?id=-1 union select table_name,2 from from information_schema.tables
where TABLE_SCHEMA='Sc0rpion'
As you see we used a single quote in query … Read more
Finally after a couple of unfortunate events that led me to be away from virtual world , I’m here with a tolerable home and internet connection , I’ve fixed up my most of my problems such as changing server and .. I think I can continue just like before . … Read more
6th International ISC Conference on Information Security and Cryptology was successfully held in Isfahan . I went because of invitation I’d received from Ali Abbasi ( black_ice ) . there wasn’t only me but also we were a team formed from four people and we appeared as ” vulnerability analysis & penetration testing group - computer security incident response team - Sharif university of technology ” . … Read more
In the present paper there will be a speech about one of safety ways of the programming language PHP . in each web application you surely must care about any processing data obtained from the user and operating for their storage the database MySQL . … Read more
The project was rarely started few months before but kept seriously following in 2 weeks ago , the primary bots had been coded in C# language programming and the controller panel was PHP . the PHP panel was simply consisted from two main phrases , the main PHP panel handling the connection between zombies and panel , the MySQL database which had information about zombies systems , and it appeared as command executor either . … Read more
I had my own PHP source analyzer , I used it in my projects and it helped me write content management systems efficiently . I have it right now , all it does is showing the dynamic queries , dynamic inclusions and important dynamic variables clearly . for example I give it a blah project directory so it searches into source of all files in all main and sub directories then if it finds something , returns the the result in HTML page containing the path of file besides the line of file which the word located on , at last it classifies the information . … Read more
In the way of changing of style of coding to OOP , I tried to wrote various classes and call them back whenever I want , as a efficient one you would feel comfortable with that is MySQL class . in old way the query had to frequently be assigned to a variable and then the mysql_query() , mysql-fetch-array() , mysql-num-rows() or etc … appeared by default in most cases . … Read more
