ہمیں اپنے گلے کے بچھو نظر نہیں آتے اور دوسروں کی مکھیاں اڑانے کی فکر لگی ہوئی ہے۔




تحریر اشفاق احمد
نیا نیا دین پڑھنا شروع کیا تھا۔ نمازیں وقت پر ادا ہونے لگیں، اذکار، نوافل، تلاوتِ قرآن۔ میوزک کی جگہ دینی لیکچرز، پردہ۔ ایک کے بعد ایک تبدیلی۔۔ زندگی میں سکون تو تھا ہی لیکن اب سکون کی انتہا ہونے لگی۔ تشکر سے دل بھر گیا۔ جہاں ایک طرف سب کچھ perfection کی طرف جا رہا تھا، وہاں ساتھ ہی ایک بہت بڑی خرابی نے ہلکے ہلکے دل میں سر اٹھانا شروع کیا۔ تکبر! جی۔ یہی شیطان کی چالیں ہیں۔ اول تو وہ دین کی طرف آنے نہیں دیتا۔ اگر اس مرحلے میں ناکام ہو جائیں تو ریا کاری کروا کے نیکی ضائع کرواتا ہے ، دل میں تکبر ڈال کر ضائع کرواتا ہے۔مجھے یہ تو نظر آتا تھا کہ فلاں نے تین ہفتے سے نمازِ جمعہ ادا نہیں کی تو اسکے دل پر مہر لگ گئی ہے، مجھے یہ بھول جاتا تھا کہ اللّٰہ تعالٰی نے ساری زندگی زنا کرنے والی اس عورت کو پیاسے کتے کو پانی پلانے پر بخش دیا۔ مجھے یہ تو دکھائی دیتا کہ فلاں لڑکی نے پردہ نہیں کیا، مجھے یہ بھول جاتا کہ رائی جتنا تکبر مجھے کہیں جہنم میں نہ گرا دے۔ مجھے یہ تذکرہ کرنا تو یاد رہتا کہ فلاں نے داڑھی رک لی اور نماز ادا نہیں کی، مجھے یہ بھول جاتا کہ کسی کی غیبت کر کے مردار بھائی کا گوشت کھانے کی مرتکب تو میں بھی ہو رہا ہوں۔
یہ سلسلہ کچھ عرصہ یونہی چلتا رہا۔ پھر ایک بار کسی نے بڑے پیارے انداز میں ایک قصہ سنایا۔ قصہ ایک فقیر کا تھا۔ وہ مسجد کے آگے مانگنے بیٹھا۔ نمازی باہر نکلے تو انہیں اپنی نمازوں پر بڑا زعم تھا۔ فقیر کو ڈانٹ کر بھگا دیا۔ وہاں سے اٹھ کر فقیر مندر گیا۔ پجاری باہر آئے تو اس کے ساتھ وہی سلوک یہاں بھی ہوا۔ تنگ آ کر وہ شراب خانے کے باہر بیٹھ گیا۔ جو شرابی باہر آتا اور اسے کچھ دے دیتا، ساتھ میں دعا کا کہتا کہ ہم تو بڑے گناہگار ہیں، کیا پتہ تجھے دیا ہوا ہی بخشش کا باعث بن جائے۔
مجھے سمجھ آ گئی تھی کہ گناہ کر کے شرمندہ ہونا نیکی کر کے تکبر کرنے سے بہتر ہے۔
یہ قصہ میرے لئے turning point ثابت ہوا۔ ہم سب کو اپنے آپ کا جائزہ لینے کی شدید ضرورت ہے۔ ضرور امر بالمعروف اور نہی عن المنکر کریں لیکن judgement کا کام رب کے لئے چھوڑ دیں۔ نیکی کا کام دل میں امت کا درد اور محبت لے کر کرنے سے ہو گا، اپنے آپکو باقیوں سے برتر سمجھ کر نہیں۔ کانٹے بچھا کر پھولوں کی توقع کیسے کی جا سکتی ہے؟
نفرتیں پھیلا کر محبتیں کسیے سمیٹی جا سکتی ہیں؟
دوسروں کی اصلاح کریں لیکن اپنے رویئے پر کڑی نگاہ رکھنا نہ بھولیں۔
بابا جی اشفاق احمد صحیح کہتے ہیں، ہمیں اپنے گلے کے بچھو نظر نہیں آتے اور دوسروں کی مکھیاں اڑانے کی فکر لگی ہوئی ہے۔

Try it, which animal do you see first?

The first animal you see would determine your personality

Our minds play tricks on us all the time and they see things the way we want them to see it. The image you see first, therefore, says a lot about who you are based on your choice.
Our personalities are quite complex and there are multiple traits which come into play to create the personality which we reflect. Our personalities have multiple sides and there are numerous dimensions of our personality which come together in a cumulative way to describe our overall attitude.

Image Source: Pixabay
Image Source: Pixabay

That being said, we do have some primary traits which form the backbone of our personalities. While we add different dimensions to our thoughts with our experience and knowledge, the central qualities which define us rarely change. And these traits are the ones which help us decide the kind of people we become and the choices we make.

Image Source: Pixabay
Image Source: Pixabay


Your mind, therefore, tricks you into seeing things the way you want to see them and your personality has a lot to do with your choice. The animal, for example, you see first in the picture below does, therefore, reveal a lot about your choices and the personality you have. Try it, which animal do you see first?

Which animal do you see first?
Which animal do you see first?


#1 A Butterfly


A Butterfly
A Butterfly


A butterfly is the most well-known symbol of beauty and change. It transforms from a cocoon to one of the most elegant of all nature's creation. If the butterfly was the first thing you saw, you most probably reflect the same traits. You are adaptable, flexible and you can change yourself based on your needs and can do whatever needs to be done. You may also find yourself in the ugly pictures of life (in your cocoon) but rest assured, you have the personality to break out and be the beautiful person you are meant to be.

#2 An Eagle


An Eagle
An Eagle


Wild, free and built for the skies, an eagle is one of the ultimate predators of nature. If you spotted the eagle first, it shows that you too are focused and completely driven towards what you want. You never waiver in your decisions and once you have got the target locked, the thing that you want most in life, you would swoop down to grab it and fly away with it, high into the skies, beyond anyone's reach.

#3 A Praying Mantis


A Praying Mantis
A Praying Mantis


A praying mantis is a master of the senses and patience. It can keep still for hours, waiting for its prey and acts without warning to hunt it. If a praying mantis was the first creature you saw, then you have really strong instincts. Your inner voice guides you and you are clearly in touch with your primal self. You go by your guts and more often than not, you get what you want. You are the master of your domain and just like the mantis, there's a fighting spirit driving you from within. 

#4 A Dog


A Dog
A Dog


Loyal, brave, protective and truly selfless, everyone knows the traits associated with a dog but there are truly very few who actually imbibe these traits. If the dog was the first thing you saw, you can rest assured that you are one of the very few people who can be all of the above at the same time. You can be loyal but fierce, selfless and loving, protective and playful at the same time. You are a blend of most rare and incredible traits in the world and no wonder, you are loved by everyone who has the opportunity to know you.

#5 A Wolf


A Wolf
A Wolf


A lone warrior who walks in a pack. The wolves are known to live in a pack but they are also lonely creatures, wandering the wild alone, fearless and fierce. If it was the wolf that you saw first, chances are that your inner self is as fierce and fearless as that of a wolf's. You may walk in a crowd, but your personality will always stand out. To be a wolf can be both an exhilarating experience as well as a lonely affair but you are built to handle it all. 

#6 A Crab


A Crab
A Crab


Hard on the outside, soft from within, you share this trait with the crab if it was the first creature you saw in the picture. Crabs are also known to be extremely loyal. It goes without saying, therefore, that if you look within yourself, you would find that you have always been loyal (whether you know it or not). You have always placed the needs of your loved ones ahead of your own and never in your wildest thoughts have you considered cheating/betraying those who trust you. 

#7 A Rooster


A Rooster
A Rooster


If a rooster was the first image you saw, the primary characteristic of your personality is perseverance. A rooster is not meek by any standards, it is quick, smart, persistent and despite the small body, roosters are known to be fierce creatures. You, like them, may look harmless by the looks of it but when it matters, there are few who can fight back, like you.

#8 A Stallion


A Stallion
A Stallion


If the stallion was the first thing you saw, you are indeed one of the ambitious kind. Wild, free and raw, you are driven to succeed and to be free no matter what. You never shy away from an honest day's work and you are not the one to stay away from a fight. You are in touch with your inner-self which is ready to stand out and be counted. Your personality is the same, exemplary, honest and driven.

#9 A Dove


A Dove
A Dove

A symbol of peace and eternal love, a dove is one of the most beautiful creations of nature. If a dove was the first creature you saw, you probably are a wise soul. You are calm, patient, nurturing and at peace with yourself. It is one of the most difficult things to attain in life (peace from within) and you are well placed to attain peace with least effort from your side. You'll always be a symbol of hope for someone.

Where does Pakistan stand in World Economic Freedom Index 2018?


According to the Time of Islamabad  report World Economic Freedom report has surfaced and Pakistan has not performed well even this year. *
Pakistan has achieved an economic freedom score of 54.4 in the “Economic Freedom Index” 2018 conducted by the Heritage Foundation.
Pakistan’s economy was ranked the 131stfreest in the 2018 index and its overall score rose by 1.6 points with a major improvement in fiscal health offsetting falls in government integrity and business freedom.
In the Asia-Pacific region, Pakistan’s economy was ranked at 31st amongst forty-three countries. The overall score of 54.4 remains below the world and regional averages which stood at 61.1 and 61.0 respectively.
In the last few years, some elements of economic freedom have proceeded timidly in Pakistan according to the “Economic Freedom Index” but years of internal political rows and low levels of foreign investment contributed to unpredictable growth and underdevelopment.
The immense meddling of the state in the economic affairs of the country and the inefficient but pre-eminent regulatory agencies discourage private business formation, the report said.
It added that a lack of access to bank credit threatened entrepreneurship and innovation had slowed down due to the isolation of the financial sector from the outside world.
Also, the “Economic Freedom Index” 2018 report said the judicial system was severely affected by a serious backlog and poor security and corruption keeps on tarnishing the civil service and judiciary.
In the rule of law section, property rights score stood at 36.0, down 0.4 from the previous year. Judicial effectiveness score was 34.0, down 0.1 and government integrity at 27.3, recording a fall of 3.2.
The report said “Pakistan’s legal system provides incomplete protection for the acquisition and disposition of property rights. Although technically independent, the justice system is marred by such endemic problems as corruption, intimidation, a large backlog of cases, and insecurity. Corruption is pervasive. Many public officials face allegations of bribery, extortion, cronyism, nepotism, patronage, graft, and embezzlement.”
In the government size section, tax burden recorded a score of 78.5, down 0.4 from the previous year. Government spending stood at 88.2, recording an increase of 0.9 and fiscal health saw the biggest up of 23.2 points, touching 54.0.
The regulatory efficiency section saw a score of 55.3 in the business freedom benchmark, down 5.9 points. Labour freedom benchmark saw a score of 40.6 points, up 2.8 points and monetary freedom benchmark posted a score of 40.6, registering a rise of 2.9 points.
The report highlighted business freedom was lagging in the country, with entrepreneurs facing major licensing and other bureaucratic hiccups. Also, legal protections for laborers was cited as very weak.
In the open market section of the report, the country scored 65.9 in trade freedom benchmark, registering a 1.3-point fall from the previous year, with investment freedom benchmark remaining unchanged at 55.0. Financial freedom benchmark score stood unchanged at 40.0

The Index of Economic Freedom is based on 10 categories:
1. Business Freedom,
2. Trade  Freedom,
3. Tax Burden,
4. Freedom from Government,
5. Monetary Freedom,
6. Investment Freedom,
7. Financial Freedom,
8. Property Freedom,
9. Freedom From Corruption,
10. Labor Freedom,

Thank U for reading


Stay Connect with us: amadahmad.blogspot.com

The last words of Steve Jobs


I have come to the pinnacle of success in business.

In the eyes of others, my life has been the symbol of success.
However, apart from work, I have little joy. Finally, my wealth is simply a fact to which I am accustomed.
At this time, lying on the hospital bed and remembering all my life, I realize that all the accolades and riches of which I was once so proud, have become insignificant with my imminent death.
In the dark, when I look at green lights, of the equipment for artificial respiration and feel the buzz of their mechanical sounds, I can feel the breath of my approaching death looming over me.
Only now do I understand that once you accumulate enough money for the rest of your life, you have to pursue objectives that are not related to wealth.
It should be something more important:
For example, stories of love, art, dreams of my childhood.
No, stop pursuing wealth, it can only make a person into a twisted being, just like me.
God has made us one way, we can feel the love in the heart of each of us, and not illusions built by fame or money, like I made in my life, I cannot take them with me.
I can only take with me the memories that were strengthened by love.
This is the true wealth that will follow you; will accompany you, he will give strength and light to go ahead.
Love can travel thousands of miles and so life has no limits. Move to where you want to go. Strive to reach the goals you want to achieve. Everything is in your heart and in your hands.
What is the world's most expensive bed? The hospital bed.
You, if you have money, you can hire someone to drive your car, but you cannot hire someone to take your illness that is killing you.
Material things lost can be found. But one thing you can never find when you lose: life.
Whatever stage of life where we are right now, at the end we will have to face the day when the curtain falls.
Please treasure your family love, love for your spouse, love for your friends...
Treat everyone well and stay friendly with your neighbors.



For More Stay Tune with Us: https://amadahmad.blogspot.com

Session Cookie Based SQL Injection

Short Description: SQL injection is most dangerous attack for web application, there are a lot of different websites are vulnerable to SQL injection. There are different variant for SQL injection like a simple SQL injection, blind SQL injection and Cookies based SQL injection. As you know the basic idea about cookies and their importance, cookies are represent some session and normally they count in cross site scripting attack (XSS) but what is cookies based SQL injection. In this article we will discuss cookies or session based SQL injection attack. 

Did you say a “Cookie” 

A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is used for an origin website to send state information to a user’s browser and for the browser to return the state information to the origin site. The state information can be used for authentication, identification of a user session, user’s preferences, shopping cart contents, or anything else that can be accomplished through storing text data.
Cookies are not software. They cannot be programmed, cannot carry viruses, and cannot install malware on the host computer. However, they can be used by spyware to track user’s browsing activities – a major privacy concern that prompted European and US law makers to take action. Cookies could also be stolen by hackers to gain access to a victim’s web account.[1]


Where can I find my cookies?


Here is one way to get your stored cookies using your browser. This method is applied for Mozilla Firefox:


  1. From the Tools menu, select Options. If the menu bar is hidden, press Alt to make it visible.

  2. At the top of the window that appears, click Privacy.

 4. To modify settings, from the drop-down menu under “History”, select Use custom settings for history. Then enable or disable the settings by checking or unchecking the boxes next to each setting:


  • To allow sites to set cookies on your computer, select Accept cookies from sites. To specify which sites are always or never allowed to use cookies, click Exceptions.
  • To accept third-party cookies, check Accept third-party cookies. In the drop-down menu next to “Keep until:”, select the time period you wish to keep cookies on your computer.
  • To view the cookies stored on your computer, click Show Cookies… . In the window that appears, you can view the cookies on your computer, search for cookies, and remove any or all of the listed cookies.
  • To specify how the browser should clear the private data it stores, check Clear history when Firefox closes. Then, click Settings… . You can specify the items to be cleared when you close Firefox.

  4. Click OK until you return to the Firefox window.

To remove all cookies, from the Tools menu, select Clear recent history… . Check the items you want to clear, and then click Clear Now.



Are you talking about a Cookie Poisoning-like attack?


Cookie Poisoning attacks involve the modification of the contents of a cookie (personal information stored in a Web user’s computer) in order to bypass security mechanisms. Using cookie poisoning attacks, attackers can gain unauthorized information about another user and steal their identity.
Cookie poisoning is a known technique mainly for achieving impersonation and breach of privacy through manipulation of session cookies, which maintain the identity of the client. By forging these cookies, an attacker can impersonate a valid client, and thus gain information and perform actions on behalf of the victim. The ability to forge such session cookies (or more generally, session tokens) stems from the fact that the tokens are not generated in a secure way.[4]
To sum up, cookie-based SQL Injection is far to be a kind of Cookie Poisoning.

Cookie variables as a vector of SQL Injections:


SQL injection overview

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.
All data sent by the browser to a Web application, if used in a SQL query, can be manipulated in order to inject SQL code: GET and POST parameters, cookies and other HTTP headers. Some of these values ​​can be found in the environment variables. The GET and POST parameters are typically entered into HTML forms, they can contain hidden fields, i.e. information that is in form but not shown. GET parameters are contained in the URL and POST parameters are passed as HTTP content. Nowadays, and with the growth of Web 2.0 technologies, the GET and POST requests can also be generated by JavaScript.

Injecting malicious code in cookie:

Unlike other parameters, cookies are not supposed to be handled by users. Outside of session cookies which are (usually) random, cookies may contain data in clear or encoded in hexadecimal, base64, hashes (MD5, SHA1), serialized information. If we can determine the encoding used, we will attempt to inject SQL commands.



 function is_user($user) {

global $prefix, $db, $user_prefix;

if(!is_array($user)) {

        $user = base64_decode($user);

        $user = explode(“:”, $user);

$uid = “$user[0]“;

$pwd = “$user[2]“;

} else {

$uid = “$user[0]“;

$pwd = “$user[2]“;

}

if ($uid != “” AND $pwd != “”) {

    $sql = “SELECT user_password FROM “.$user_prefix.”_users WHERE user_id=’$uid’”;

$result = $db->sql_query($sql);

$row = $db->sql_fetchrow($result);

$pass = $row[user_password];

if($pass == $pwd && $pass != “”) {

return 1;

}

}

return 0;

}

The cookie contains base64 encoded form identifier, a field that is unknown and a password. If we use as a cookie 12345 ‘UNION SELECT’ mypass ‘:: mypass base64 encoded, the SQL query becomes:


  SELECT user_password FROM nk_users WHERE user_id=’12345′ UNION SELECT ‘mypass’

This query returns the password mypass, the same password as we have to provide. So we are connected.

How to inject the code in Cookies?

There are many HTTP interceptors and HTTP editors that can intercept the HTTP request before it is sent to the server. Then the tester can introduce his malicious SQL statement in the cookie field.
It’s like a get/post based SQL Injection, except that certain characters can’t be used. Forexample, ‘;‘ and ‘,‘ are typically treated as delimiters, so they endthe injection if they aren’t URL-encoded.

Conclusion

Cookie variables sometimes are not properly sanitized before being used in SQL query. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code. For the web application audits, cookie variables should be added to the list of parameters to be checked.

For more Updates Visit: amadahmad.blogspot.com