Hello everybody , after a insufferable weak that I complain with , I’m here to post up the blog , I’ve recently been occupied by penetration test on some web applications , while these days I’ve frequently seen several bypasses for php and I just wondered , the vulnerabilities are advancing coming out faster than I thought they would Read more…
This publishing is around bonus stuff which I’ve considered ,MySQL injection , I had written a query :
/page.php?id=-1 union select table_name,2 from from information_schema.tables
where TABLE_SCHEMA='Sc0rpion'
As you see we used a single quote in query Read more…
What do you do when I find a LFI bug ? you customarily go around reading directories or important files like passwd , finding paths , grabbing off the connectors between portals and MySQL configuration files , and you wish the FTP and configuration passwords are matched . sometimes another tricks , injection into log files and so on … i another way you can play with user-agent , it sounds interesting , doesn’t it ? Read more…
At beginning let me appreciate ISCN members ( Alireza and Morteza ) for their effort whole past a year , to night I’m placing the express SQL server dumper written by Alireza-MagicBoy Read more…
The bug has been found by Alireza Afzali from ISCN team , date of finding bug : 2008/05/5 and it was private till to night . over 10 military websites and 20 states of United State of America have been defaced by this bug Read more…
Hi , the tutorial clip around cracking the passwords of cPanel has recently been published , the method is mainly focused on trying different passwords within a user name ( brute force ) . you might ask me about the protection installed in cPanels that commonly controls authentication against brute force attacks Read more…
Hi , as this article is focused mainly on web based attack I will go over the method fairly quickly , maybe you have seen the server with long listed of disable functions Read more…
I’ve been with studding nearly 6 months and the expectancy is that it would continue until next 3 months to see my concern , konkoor . by the way this rest or free time caused me to post up blog whereas I could imagine nothing to write till I found my old PHP project !
I have made decision long time ago that was to make public the Injector source Read more…
As server has only http port opened ( 80 ) , anything useful can’t be returned by your most trusted vulnerability scanner , the most known method called Injection may be using Read more…
Injector is a tool that injects user defined queries into vulnerable page and does some processes and activities , in fact it’s a utility tool which enables users to profit injection bugs considering he/she knows nothing about injection attacks structures , tricks and queries ( I suppose this is default contemplation of all utilities ) Read more…
