Menu

Tuesday, March 27, 2007

What is SQL injection?

Definition- SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. ~Wiki

Hi all, Want to hack some web databases which located in different locations?? Yeahhhh you can do it!! I have already tried and its really fun. I am not going to tell you the sites that I have tried, but you could find more...
All you have to do is block all JavaScripts on your browser. You can easily do it by Firefox web browser. In order to do that with Firefox browser you have to download a pluggin called Web Developer 1.1.3 and install it on your browser.

The Web Developer extension adds a menu and a toolbar to the browser with various web developer tools. It is designed for Firefox, Flock, Mozilla and Seamonkey, and will run on any platform that these browsers support including Windows, Mac OS X and Linux.
Several websites do their control validations using client side scriptings.
For example you want to retrive a invoice number from a particular website.
So the site allows you to enter only numbers(Integers) and also will retrieve only one record at a time.

So what will happen if you disable client scripts? If there isnt any sever side validations you have full privilege to enter anything on that field in order to process data.

So why dont you get full advantage of it?
If the website data processing has done by using SQL statements, Why dont you enter some SQL statements on that field and see what will happen?

Thats all about I have to say on this.. I guess you got my points.
ha ha!! All the best!

But keep it on your mind if you do something like that site will easily track your IP address and locate your location. So dont be afraid,use a anonymous proxy browsing site that I have mentioned below in order to hide IP and your funny face!! :-)

Some Usefull Links:-
http://ferruh.mavituna.com/makale/sql-injection-cheatsheet/
http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf
http://www.ngssoftware.com/papers/advanced_sql_injection.pdf
http://www.imperva.com/application_defense_center/glossary/sql_injection.html

Posted by at No comments:

Monday, March 26, 2007

Want to Block a Site?

yoo guys do you want to block a site in your local computer? or change the localhost name? or want to give a specific name to known IP address? its simple. You can do it by editing the host file in your windows OS. So first of all what is the host file?

The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, providing the entry exists.

You could find windows hosts files in following locations..
Windows Vista = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98/ME = C:\WINDOWS

Open the hosts file in notepad.
For example if you want to block a site called www.hailztorm.com.
Type following commands in the bottom of your host file,

127.0.0.1 www.hailztorm.com

127.0.0.1 www.nuwandimuthu.tk
127.0.0.1 www.gmail.com

When you surf to a site, Windows automatically checks to see if the address is located in the Hosts file. The number 127.0.0.1 is the "loop back" IP address of your own computer, so Windows skips the link to the site (www.hailztorm.com) and moves on. The ad server can't open its window, so it can't load any programs, spyware, or cookie files either.
Posted by at 3 comments:

Tuesday, March 20, 2007

Speed Up Firefox web browsing

I got this code from http://www.hackaday.com/ and you can edit some hidden configuration files in your Firefox browser in order to speed up web browsing.



If you're using a broadband connection this will be really helpful


  1. Type "about:config" into the address bar and hit return. Scroll down and look for the following entries:

    network.http.pipelining network.http.proxy.pipelining network.http.pipelining.maxrequests

    Normally the browser will make one request to a web page at a time. When you enable pipelining it will make several at once, which really speeds up page loading.


  2. Alter the entries as follows:
    Set "network.http.pipelining" to "true"
    Set "network.http.proxy.pipelining" to "true"
    Set "network.http.pipelining.maxrequests" to some number like 30. This means it will make 30 requests at once.

  3. Lastly right-click anywhere and select New-> Integer. Name it "nglayout.initialpaint.delay" and set its value to "0". This value is the amount of time the browser waits before it acts on information it receives.




Posted by at 1 comment:

Read active directory

Using this code you can read Active Directory of your domain. On this code segment I have retrieved some active directory properties and set them as session variables.


using System.DirectoryServices;

 DirectoryEntry entry = new DirectoryEntry("LDAP://yourdomain.com");
DirectorySearcher searcher = new DirectorySearcher(entry);
searcher.Filter = "(SAMAccountName=" +User.Identity.Name.ToString().Replace("yourdomain\\", "") + ")";

SearchResult result = searcher.FindOne();
if (result != null)
{
Session["Surname"] = result.Properties["sn"][0];
Session["Firstname"] = result.Properties["givenname"][0];
Session["Email"] = result.Properties["mail"][0];
Session["Title"] = result.Properties["title"][0];

Response.Write(result.Properties["sn"][0] + " ");
Response.Write(result.Properties["givenname"][0] + " ");
Response.Write(result.Properties["mail"][0] + " ");
Response.Write(result.Properties["title"][0] + " ");
}
Posted by at No comments:

Friday, March 16, 2007

What is Domain Name Service?

Domain Name Service (DNS) is the service used to convert human readable names of hosts to IP addresses.
The Domain Name System (DNS) is basically a large database which resides on various computers and it contains the names and IP addresses of various hosts on the internet and various domains.

DNS names are assigned through the Internet Registries by the Internet Assigned Number Authority (IANA). The domain name is a name assigned to an internet domain.

Basically we could retrieve IP addresses associated with a given hostname, Also in reverse resolve a known IP address is to lookup what the associated hostname is belonging to that IP address.

Here is some useful sites that you can use to retrieve DNS details,

http://www.dnsstuff.com/
http://www.whois.net/
http://swhois.net/
http://webtools.live2support.com/nt_dig.php

Posted by at

Wednesday, March 14, 2007

Send a authenticated mail in .NET2.0(C#)

This summary is not available. Please click here to view the post.
Posted by at No comments:

Send a simple email using smtp?

[ C# ] 
MailMessage mail = new MailMessage();
mail.To = "me@mycompany.com";
mail.From = "you@yourcompany.com";
mail.Subject = "this is a test email.";
mail.Body = "this is my test email body";
SmtpMail.SmtpServer = "localhost";  //your real server goes here
SmtpMail.Send( mail );

[ VB.NET ] 
Dim mail As New MailMessage()
mail.To = "me@mycompany.com"
mail.From = "you@yourcompany.com"
mail.Subject = "this is a test email."
mail.Body = "this is my test email body"
SmtpMail.SmtpServer = "localhost" 'your real server goes here
SmtpMail.Send(mail)
Posted by at 2 comments:

Animate Images- Moving one by one

Create a folder called "images2" and put all pictures into that folder.

<SCRIPT>
// Create a bunch of off-screen images, and get them started
// loading the images we're going to animate.
images = new Array(5);
for(var i = 0; i <6; i++) {
images[i] = new Image();//Create an Image object
images[i].src = "images2/" + i + ".gif";
// tell it what URL to load
}
// knowing that they've been loaded into the cache. Note that we perform
// the animation by assigning the URL, not the Image object itself.
// Also note that we call the image by name, rather than as document.images[0]
function animate()
{
document.animation.src = images[frame].src;
frame = (frame + 1)%6;
timeout_id = setTimeout("animate()", 750);
// display next frame later
}
var frame = 0;
// keep track of what frame of the animation we're on.
var timeout_id = null; // allows us to stop the animation.
</SCRIPT>


<IMG SRC="images2/0.gif" NAME=animation width="232" height="190"></td>
<td width="7" height="21"> </td>

----------------------------------------------------------------------------------
Posted by at
Subscribe to: Posts (Atom)