Menu
  • HOME
  • TAGS

SQL injection without single quotes

sql,sql-injection,hacking

This SELECT must be passed as a Scalar Subquery enclosed in parentheses. If date is simply concatenated with text then setting it to ' || (SELECT password FROM users WHERE username='admin') || ' results in INSERT INTO data_table VALUES ([other values], '' || (SELECT password FROM users WHERE username='admin') ||...

What are bots trying to do by hitting my website?

ip,bots,hacking

They look for known vulnerabilities, e.g. by attempting to fetch the admin pages for a popular blog package which is known to be vulnerable in some old versions. When they find a vulnerable site, they have a script (which typically they don't even understand; hence, "script kiddies") which exploits the...

any standard tests to prevent hacking?

java,selenium,testing,hacking

The only way to really stop hacking is to understand your code. For instance you have to understand in java how something like a hash table could be exploited. Or how a stack overflow could make your code vulnerable. There is no good way to stop a hacker but to...

RegExp to find specific string with random characters in between

php,regex,base64,hacking

(?:b[^a-zA-Z]*?a[^a-zA-Z]*?s[^a-zA-Z]*?e)|(?:d[^a-zA-Z]*?e[^a-zA-Z]*?c[^a-zA-Z]*?o[^a-zA-Z]*?d[^a-zA-Z]*?e) You can try this.See demo. https://regex101.com/r/pG1kU1/17...

Stack overflow exploits: RET vs. SEH overwrite

security,stack-overflow,exploit,seh,hacking

It depends what is the vulnerability and what are the exploit conditions. If you can overwrite the RET and build a full blown exploit than you are correct and overwriting the SEH would is unnecessary. But this is not always the case .. In some cases RET overwrite protections will...

Debug classes in rt.jar by copying their source to my project

java,spring,debugging,hacking

You would have to put your replacement classes in a separate directory or JAR file and prepend that to the bootstrap classpath using the -Xbootclasspath/p option to the java command. You should not distribute any code that uses this mechanism to override rt.jar classes but it's fine to use for...

Android facebook sdk : Login works without proper key hash

android,facebook,facebook-graph-api,facebook-android-sdk,hacking

Using a webview, there's no ability to enforce the sending of a key hash since the SDK is open source, and anyone can modify the source code (meaning they can override whatever key hash the SDK generates). During login, the user will still see the name and icon of the...

Dummy web application for penetetration testing ethical hacking

web-applications,owasp,hacking

this link should provide what you're looking for: http://www.amanhardikar.com/mindmaps/Practice.html

What do capture-the-flag challenges involve?

hacking

Capture the flag involves using various commands usually in linux and windows to navigate file directories for some challenges. When you enter a challenge you will usually have a certain amount of time to find as many flags as you can. Each flag is worth a different amount of points...

Unfamiliar Javascript syntax/hack

html,formatting,script-tag,hacking

My best guess is that the script code was originally put in a CDATA section like this: <script type="text/javascript" //<![CDATA[ //]]> </script> When deleting //<![CDATA[ (which wasn't needed since it's referring to an external source file), they simply neglected to remove the final //]]....

MATLAB cftool surface plot matrix

matlab,surface,hacking

As a possible workaround (potentially not very efficient) is to plot the output of the fit (fitresult) and fetch the XData, YData and ZData properties of the plotted surface. For example, after performing a dummy fit: hP = plot(fitresult) yields those properties for hP: Surface (curvefit.gui.FunctionSurface) with properties: EdgeColor: [0...

How can I hide my specific java source code (a single class) by convert into non readable?

java,hacking

There is only a way to partially do what you want. You can use proguard to obfuscate it. As for completely hiding the class I do not know any way to do that....

Finding stack buffer overflows

c,memory,heap,stack-overflow,hacking

There are two main approaches for finding stack buffer overflows: Black box testing The key to testing an application for stack overflow vulnerabilities is supplying overly large input data as compared to what is expected. However, subjecting the application to arbitrarily large data is not sufficient. It becomes necessary to...

Why does my assembly program give segfault?

linux,debugging,assembly,segmentation-fault,hacking

I have compiled your example and then looked at it using hexdump: (I had to add BITS 32 to it to compile in 32-bit mode, because I'm using Linux-64): $ vi test.asm $ nasm test.asm $ hexdump -C test 00000000 5c 0f 88 2f 00 00 00 31 5c 78...

Our OAuth2 implemention has security flaws

java,angularjs,security,oauth-2.0,hacking

You've successfully implemented a session hijack. This happens because sessions are based on tokens stored in the web page or cookies rather than IP addresses or something. This makes sense because IP addresses can be spoofed while a cryptographically secure session token is practically impossible to spoof. While you could...

Strange security issue - why would this happen? [closed]

forms,security,bots,spam,hacking

I don't think that you will ever find any useful answer to your question, because there are lots of reasons that someone may do this. It may be "for fun", increase google ranking, or there are personal "rivalries" between someone else with the company. Well, you can see at least...