Recent Posts



SQL Injection And UTF 7 encoding

July 5, 2007

Query: There is a web application vulnerable to SQL injection, but the web server has added protection like magic_quotes, or the application calls the function add_slashes, which means I can't insert a single quote and thus can't exploit a SQL injection. The injection point is in a string field. Does… Read More

Recommended Books For Pentesting

June 30, 2007

Although I don't have the habit of reading books, here are a few books which you may consider reading: Database Hacker's Handbook (David Litchfield); Oracle Hacker's Handbook (David Litchfield); Hacking Web Applications Exposed (TMH Publications); Essential PHP Security (Chris Shiflett); TCP/IP Illustrated (Comer); Hacking Linux Exposed. As this list… Read More

Owning IIS 6.0 When Webserver Supports Put and Move HTTP Methods

June 14, 2007

Credits: ice and ferruh. In IIS 6.0 you can upload the backdoor scripts, but you may not be able to execute the default cmd.exe present on the IIS box, so you need to upload your own cmd.exe first and then make your ASP backdoor point to the cmd.exe which you… Read More

Undisclosed WordPress 2.0 Security Issues

June 5, 2007

I recently came across this security advisory and decided to find out what the undisclosed issues could be. I downloaded WordPress 2.0 to find these undisclosed issues. Why I am interested in WordPress 2.0 is a different story though. 🙂 It was trivial to figure out that this version has… Read More

WordPress Unauthorized Comment Disclosure

June 1, 2007

By enumerating the name and email address of a comment author, an attacker can read the comment submitted by the author while the comment is still waiting for an administrator to approve and publish it. This again points to the need for better session management in WordPress. Read the full… Read More