Connect With Me In Facebook

Add me as Friend on Facebook!
Welcome to DefendHackers, If u want to Apply for a Blogroll as a Author , With h4ckfreak Mail me @ suren.click@gmail.com

Mark Zuckerberg tells 8th graders “there’s no shortcuts” and to make friends

By h4ckfreak

123456789

Monday, December 19, 2011

Basics of Arbitary File Upload

Monday, December 19, 2011  h4ckfreak  No comments

As the name suggests Arbitrary File Upload Vulnerabilities is a type of vulnerability which occurs in web applications if the file type uploaded is not checked, filtered or sanitized. The main danger of these kind of vulnerabilities is that the attacker can upload a malicious PHP , ASP etc. script and execute it. The main idea is to get the access to the server and execute desired code. for example an Attacker who have gained access to such kind of vulnerability can upload a malicious shell script and further can control the machine to execute desired commands, which would lead to a full compromise of the server and the victim’s server...
Read More

Basics of LFI and RFI Attacks

Monday, December 19, 2011  h4ckfreak  No comments

Local File Inclusion ( LFI ) is a method of including files on a server through a Modified Special HTTP request. This vulnerability can be exploited using a Web Browser and thus can be very easy to exploit. The vulnerability occurs when a user supplied data without sanitizing is provided to an ‘inclusion type’ (like , include() , require() etc.) . Mostly these attacks are accompanied by Directory Transversal attacks which can reveal some sensitive data leading to further attacks. Now that’s quite a bit of theory there let’s have a look on a sample vulnerable application. Demonstration [Proof of Concept] I have created a pair of...
Read More

Basics of XSS, How the Logic Works

Monday, December 19, 2011  h4ckfreak  No comments

Cross Site Scripting also known as XSS is a popular type of Client Site Attack, It is a type of attack which occurs in Web-Applications and allows an attacker to inject desired client-side scripts into Web-Pages viewed by others. Types of XSS This attack is mainly of 2 types Non-Persistent This type of attack is carried out by injecting some client side code in a Vulnerable URL. Now further the Attacker can spread this URL and send it to his/her victims by means of some social engineering etc , on clicking these links the Victims Unknowingly executes the injected code , Which in turn can result in Cookie stealing , Privacy...
Read More

Obfuscating PHP

Monday, December 19, 2011  h4ckfreak  1 comment

I must say that hiding or obfuscating is not the most effective ways of security but it’s still effective to keep a Script Kiddy confused about what actually you are using in your server. As an example - Server may use vulnerable version of PHP, with a public exploit released at some underground markets, Most of the time a simple automated exploit is released to help the “Point-Click-Hackers” (Script Kiddies). Now all they have to find is which Version of PHP you are using and if it is vulnerable, Point the exploit, launch it and own your system. In these cases obfuscating can really help you a lot. By PHP obfuscation you...
Read More

Pages 381234 »