Monday, April 28th, 2008 Microsoft has provided security advice to web developers using its products after many such sites were compromised. Last week, hundreds of thousands of web pages were infected with a malicious iframe which tries to infect visitors with a trojan. Many high profile sites including the United Nations (un.org), the UK ...
Posted in Internet, Security | No Comments
Saturday, April 26th, 2008 How can an attacker exploit a PL/SQL procedure that doesn’t even take user input? Or how does one do SQL injection using DATE or even NUMBER data types? In the past this has not been possible but as this paper will demonstrate, with a little bit of trickery, you can ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
Thursday, April 24th, 2008 There's another round of mass SQL injections going on which has infected hundreds of thousands of websites.Performing a Google search results in over 510,000 modified pages.
Posted in Coding, Internet, Security | No Comments
Monday, April 21st, 2008 The Captcha used in the current version 8.1 of PHP Nuke can be deciphered with 100% accuracy. more information can be found here:http://www.rooksecurity.com/blog/?p=6Exploit Code: http://www.rooksecurity.com/exploits/php_nuke_captcha.zipWhat is so interesting about this captcha is that it is incredibly wide spread. Variants of this captcha are being used by big names like Paypal. ...
Posted in Coding, Internet, Security, Software | No Comments
Monday, April 21st, 2008 Almost everyone knows what CSRF or better unauthorized requests are. I never really embraced CSRF as the correct term for unauthorized request issues, because the term is outdated and inadequate to contemporary hacking. For me, an unauthorized request is the layer or automation of a hacking procedure without direct interference ...
Posted in Internet, Privacy, Security | No Comments
