|
|
Si vous voulez bloquer ce service sur vos fils RSS
Si vous voulez nous contacter ou nous proposer un fil RSS
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Présentation : In the course of the last penetration testing, I had an occasion to work with the following web application architecture I guess you will ask me, what s wrong here The problem is that Oracle is not MySQL, and it simply doesn t know about any shielding in the form of backlashes Oracle doesn t consider the concept of shielding at all, because it s a serious DBMS It should be mentioned that we have met a lot of Oracle DBMSs during the last penetration testing, and most of them contained the described vulnerability, i.e. they had a universal login 'or 1 1 -- aka SQL Injection . A similar feature of interpretation of a backslash as an independent symbol is characteristic for Microsoft SQL Server, too For the Sybase database, we have Thus, it is necessary to take such features of DBMSs into account in the course of programming and porting your applications to various databases to avoid problems relating to SQL Injection. Comment this topic was described by Bernardo Damele 1,2 in his blog one year ago, but the practice shows that the problem is still urgent.
Les derniers articles du site " Positive Technologies Research Lab" :
- RFI over SQL Injection Cross-Site Scripting
- Magic Quotes
- Methods of Quick Exploitation of Blind SQL Injection
- Juniper JUNOS Remote Kernel Crash Flaw
- WASC Threat Classification v2.0 is Out
- Over 32 million accounts have been compromised the result of an attack on the RockYou.com site
- HTTP Parameter Fragmentation HPF is one of the methods to bypass security filters in web applications
- non blind SQL Injection
- Password analysis for Windows Live Hotmail users
- Another fine method to exploit SQL Injection and bypass WAF
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Si vous voulez bloquer ce service sur vos fils RSS :
- avec iptables "iptables -A INPUT -s 88.191.75.173 --dport 80 -j DROP"
- avec ipfw et wipfw "ipfw add deny from 88.191.75.173 to any 80"
- Nous contacter par mail
| Mini-Tagwall des articles publiés sur SecuObs : | | | | sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre |
| Mini-Tagwall de l'annuaire video : | | | | curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio |
| Mini-Tagwall des articles de la revue de presse : | | | | security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité |
| Mini-Tagwall des Tweets de la revue Twitter : | | | | security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack |
|
|
|
|
|
