
Session Cookie Based SQL Injection

Short Description: SQL injection is the most dangerous attack on web applications, and many websites are vulnerable to it. There are different variants of SQL injection, such as simple SQL injection, blind SQL injection and cookie-based SQL injection. You probably know the basic idea of cookies and their importance: cookies represent a session, and they normally come up in connection with cross-site scripting (XSS) attacks. But what is cookie-based SQL injection? In this article we will discuss cookie- or session-based SQL injection attacks.

Did you say a “Cookie” 

A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is used for an origin website to send state information to a user’s browser and for the browser to return the state information to the origin site. The state information can be used for authentication, identification of a user session, user’s preferences, shopping cart contents, or anything else that can be accomplished through storing text data.
Cookies are not software. They cannot be programmed, cannot carry viruses, and cannot install malware on the host computer. However, they can be used by spyware to track user’s browsing activities – a major privacy concern that prompted European and US law makers to take action. Cookies could also be stolen by hackers to gain access to a victim’s web account.[1]


Where can I find my cookies?


Here is one way to view your stored cookies using your browser. This method applies to Mozilla Firefox:


  1. From the Tools menu, select Options. If the menu bar is hidden, press Alt to make it visible.

  2. At the top of the window that appears, click Privacy.

  3. To modify settings, from the drop-down menu under “History”, select Use custom settings for history. Then enable or disable the settings by checking or unchecking the boxes next to each setting:


  • To allow sites to set cookies on your computer, select Accept cookies from sites. To specify which sites are always or never allowed to use cookies, click Exceptions.
  • To accept third-party cookies, check Accept third-party cookies. In the drop-down menu next to “Keep until:”, select the time period you wish to keep cookies on your computer.
  • To view the cookies stored on your computer, click Show Cookies… . In the window that appears, you can view the cookies on your computer, search for cookies, and remove any or all of the listed cookies.
  • To specify how the browser should clear the private data it stores, check Clear history when Firefox closes. Then, click Settings… . You can specify the items to be cleared when you close Firefox.

  4. Click OK until you return to the Firefox window.

To remove all cookies, from the Tools menu, select Clear recent history… . Check the items you want to clear, and then click Clear Now.



Are you talking about a Cookie Poisoning-like attack?


Cookie Poisoning attacks involve the modification of the contents of a cookie (personal information stored in a Web user’s computer) in order to bypass security mechanisms. Using cookie poisoning attacks, attackers can gain unauthorized information about another user and steal their identity.
Cookie poisoning is a known technique mainly for achieving impersonation and breach of privacy through manipulation of session cookies, which maintain the identity of the client. By forging these cookies, an attacker can impersonate a valid client, and thus gain information and perform actions on behalf of the victim. The ability to forge such session cookies (or more generally, session tokens) stems from the fact that the tokens are not generated in a secure way.[4]
To sum up, cookie-based SQL Injection is far from being a kind of Cookie Poisoning.

Cookie variables as a vector of SQL Injections:


SQL injection overview

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.
All data sent by the browser to a Web application, if used in a SQL query, can be manipulated in order to inject SQL code: GET and POST parameters, cookies and other HTTP headers. Some of these values can be found in the environment variables. The GET and POST parameters are typically entered into HTML forms; they can contain hidden fields, i.e. information that is in the form but not shown. GET parameters are contained in the URL and POST parameters are passed as HTTP content. Nowadays, and with the growth of Web 2.0 technologies, the GET and POST requests can also be generated by JavaScript.

Injecting malicious code in cookie:

Unlike other parameters, cookies are not supposed to be handled by users. Outside of session cookies which are (usually) random, cookies may contain data in clear or encoded in hexadecimal, base64, hashes (MD5, SHA1), serialized information. If we can determine the encoding used, we will attempt to inject SQL commands.



    function is_user($user) {
        global $prefix, $db, $user_prefix;
        // The cookie value arrives base64-encoded as "user_id:<field>:password".
        if (!is_array($user)) {
            $user = base64_decode($user);
            $user = explode(":", $user);
            $uid = "$user[0]";
            $pwd = "$user[2]";
        } else {
            $uid = "$user[0]";
            $pwd = "$user[2]";
        }
        if ($uid != "" AND $pwd != "") {
            // Vulnerable: $uid comes from the cookie and is concatenated into the query.
            $sql = "SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'";
            $result = $db->sql_query($sql);
            $row = $db->sql_fetchrow($result);
            $pass = $row['user_password'];
            // The stored password is compared with the password taken from the cookie.
            if ($pass == $pwd && $pass != "") {
                return 1;
            }
        }
        return 0;
    }

The cookie contains, in base64-encoded form, an identifier, a field that is unknown and a password. If we use as a cookie the base64 encoding of 12345' UNION SELECT 'mypass::mypass, the SQL query becomes:


  SELECT user_password FROM nk_users WHERE user_id='12345' UNION SELECT 'mypass'

This query returns the password mypass, the same password as the one we provide in the cookie. So we are logged in.

How to inject the code in Cookies?

There are many HTTP interceptors and HTTP editors that can intercept the HTTP request before it is sent to the server. The tester can then introduce a malicious SQL statement in the cookie field.
It’s like a GET/POST-based SQL injection, except that certain characters can’t be used. For example, ‘;’ and ‘,’ are typically treated as delimiters, so they end the injection if they aren’t URL-encoded.

Conclusion

Cookie variables sometimes are not properly sanitized before being used in SQL query. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code. For the web application audits, cookie variables should be added to the list of parameters to be checked.
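
A hardened counterpart to is_user(), as an added example that is not part of the original article or of the application it quotes: the cookie is decoded strictly, the identifier is validated, and the query uses a bound parameter. The PDO handle, the in-memory nk_users table and the sample stored value are constructed for the demonstration, and treating user_id as numeric is an assumption.

```php
<?php
// Added example: hardened counterpart of is_user(). Names and data are constructed.

function is_user_hardened(PDO $db, string $cookie): bool
{
    // Strict mode rejects input that contains characters outside the base64 alphabet.
    $decoded = base64_decode($cookie, true);
    if ($decoded === false) {
        return false;
    }

    // Expected layout, as in the original function: user_id:<unknown field>:password
    $parts = explode(':', $decoded);
    if (count($parts) !== 3) {
        return false;
    }
    [$uid, , $pwd] = $parts;

    // Assumption: user_id is numeric, so anything else is rejected before the query runs.
    if (!ctype_digit($uid) || $pwd === '') {
        return false;
    }

    // The identifier is bound as a parameter and never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT user_password FROM nk_users WHERE user_id = :uid');
    $stmt->execute([':uid' => (int) $uid]);
    $pass = $stmt->fetchColumn();

    // Constant-time comparison of the stored value with the value from the cookie.
    return is_string($pass) && $pass !== '' && hash_equals($pass, $pwd);
}

// Constructed in-memory database standing in for the application's own.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE nk_users (user_id INTEGER PRIMARY KEY, user_password TEXT)');
$db->exec("INSERT INTO nk_users VALUES (1, 'sample-stored-value')");

// Constructed cookies: a legitimate one, the UNION cookie from the text, and junk.
$cookies = [
    'valid user'        => base64_encode('1::sample-stored-value'),
    'UNION cookie'      => base64_encode("12345' UNION SELECT 'mypass::mypass"),
    'not base64'        => '%%%not-base64%%%',
    'wrong field count' => base64_encode('1:sample-stored-value'),
];
foreach ($cookies as $label => $cookie) {
    $verdict = is_user_hardened($db, $cookie) ? 'accepted' : 'rejected';
    printf("%-18s %s\n", $label, $verdict);
}
```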

For more Updates Visit: amadahmad.blogspot.com


Who's Tracking Your Smartphone?


 Safety should always be our top priority. With the help of just a few short codes, you can find out more about the settings of your phone and work out whether or not your messages and information are protected and whether you’re being tracked.

We have gathered together some of the most useful and important codes for smartphones all in one article, together with some instructions for those who’re worried about being tracked.

With this code, you can find out whether your calls, messages, and other data are being diverted. The status of the different types of diversions that are taking place along with the number the information is being transferred to will be displayed on your phone’s screen. This function is most often set up by either jealous partners or parents who are trying to protect their kids from spam or criminals. Elderly people often become victims of this practice when they lend their phone to a stranger to make a single call. If they do so, they risk having information about where they live, who their friends and family are, their habits and daily activities, and even their financial circumstances passed on to criminals.
Dial this code if you want to find out where calls, messages, and data are being redirected to if it seems that no one can get through to you. The chances are in this case that your voice calls are being redirected to one of your cell phone operator’s numbers.
This is a universal code for switching off all forms of redirection away from your phone. It’s a good idea to use this before you have to use roaming. In this case, money won’t be taken from your account for calls that are redirected by default to your voice mail.
With the help of this code, you can find out your IMEI (International Mobile Equipment Identifier). If you know this number, you can find your phone if someone steals it. When switched on, its location is automatically conveyed to the network operator even if a different SIM card is inserted. If someone knows your IMEI number, they can find out the model and technical characteristics of your phone.
Special codes exist that allow someone to track your location and also to determine whether someone is following you. For this, you need the utility net-monitor. Type in one of the following codes:

for iPhone: *3001#12345#* 
for Android: *#*#4636#*#* or *#*#197328640#*#*

Step 1. Go to the section called UMTS Cell Environment, then UMTS RR info, and write down all the numbers under Cell ID. These numbers are the base stations located nearby. Your phone will connect by default to the one that emits the best signal.

Step 2. Go back to the main menu, and click on the MM info tab, then on Serving PLMN. Write down the numbers under Local Area Code (LAC).

Step 3. With the help of these two numbers and an ordinary website (the fourth tab to the left), you can determine the location on the map of the base station that your phone is connected to.

The ones to be suspicious of are mobile base stations — this could be a truck or small bus with a large antenna. These kinds of vehicles are used at rock festivals and in places where Internet coverage is poor. If there’s one of them nearby, seemingly without any logical reason, it’s just possible that someone is engaged in spying.
If you use Android, you should periodically check your phone for viruses. PlaceRaider is one of the most dangerous ones that can infect your device. Developed by American experts, it was meant to show how vulnerable our devices are. Once it gets onto a phone, this Trojan takes a series of photographs of the surrounding area, creates a 3D model of the building you’re in, and then takes advantage of any Internet connection to send the data that it’s gathered, adding along with it all the data on the phone and your passwords.
  • National security agencies in virtually all countries now cooperate with cell phone operators, who often provide the former with access to information on any of their customers provided they have a warrant from a court. As a minimum, they provide data from the last three months.

  • If your phone has been tapped by a security agency, the chances are you won’t even notice. If a phone makes odd noises during a conversation, loses battery power rapidly, overheats, or unexpectedly restarts, this is merely an indication that you need to get it repaired rather than a telltale sign that you’re being listened to.

  • People generally don’t reveal all that much in phone conversations, so from the point of view of those who want to listen in it’s much more worthwhile to set up special devices ("bugs") in someone’s home. Radio wave detectors can be used to work out whether such bugs are present in a building.
  • Use messaging apps that are completely closed to outsiders, such as Telegram, Chare, Wickr, or Signal.

  • Determine what information it’s safe to make accessible to all. Should everyone really be able to find out your phone number or have access to information about your family, loved ones, or your lifestyle? Be very careful when posting photographs of children.

  • Don’t install unknown programs on your phone, keep close track of the apps you have installed, and use multiple security locks wherever you can. Don’t click on unsafe links, and don’t connect your phone to suspicious "free" charging points.

  • Only your cell phone operator should ever offer you tracking services, and they should only turn them on with your explicit agreement. Websites and applications that offer to find out the location of other people are almost certainly acting with criminal intent. Be careful!


How To Make A Media Player In C Language In Less Than 1000 Lines Using ffmpeg



Using the rich ffmpeg video library written in C, you can make simple media applications. Based on the updated version of ffplay (sample program coming with ffmpeg), today I’m sharing a way to code your own media player in less than 1000 lines.
If you know the libraries used for creating video applications, ffmpeg will be a familiar name to you. This amazing general-purpose library performs complex video processing work like decoding, encoding, demuxing and muxing. Written in C, this library decodes most codecs.
If you want to get started with ffmpeg, there isn’t much information available online. In this article, I’ll be sharing the tutorial I found on dranger.com that borrows a C program written by Martin Böhme and uses it to develop a working video player.
To get the video and audio output of the media file, SDL has been used as it’s a good cross-platform media library used in many video games and media software. To compile the programs that’ll be taught in the tutorial, you need to download the SDL development libraries and install them on your system.
With an idea of queues, mutexes, etc. in C and some multimedia basics, you are good to start making your own media player.
While the program doesn’t make a player to fulfill all your media playback needs, it should be seen as a way to learn more and discover the opportunities to make improvements in the program.
Click here to get started with the tutorial. On each page, there’s a C file that you can download, compile, and follow along.

Do You Know HTML And CSS? Prove Your Skills By Playing Super Markup World In Your Browser



There’s a new game online that you can play in your browser and dust off your HTML and CSS skills. Play Super Markup World now and use HTML commands to save your friend.
Do you know basic HTML? Is Super Mario Bros one of your favorite games? Assuming that you’ve answered these questions in the affirmative, I’ll tell you about Super Markup World.
This game demands the knowledge of HTML and CSS to move ahead. Unlike Mario games, you don’t get to jump here and there or save the princess. Instead, you need to solve a series of HTML puzzles in the command window to save your friend Pixella.
The game doesn’t feature a solid storyline or thrill of famous games, but it allows you to use coding to extend your platform or create new ones to reach the other side.
The description of the game reads:
Pixel and Pixella live in the Super Markup World which was created by the great architect Markup Polo. On a beautiful sunny day when Pixel and Pixella visited the mountainous region of Divland the evil architect Badacss has collapsed all the mountains! Pixella somehow evaded the disaster using a hyperlink tag. But now Pixel and Pixella are separated! It is up to you, Pixel, to find Pixella and destroy badacss.
If you know some CSS, you can use some clever tricks (find them here) and scripts to make your game easier. Note that at the moment this game is only designed for Chrome and performance in other browsers is terrible.
Give Super Markup World a try and test your HTML and CSS skills. Feel free to share your experience in the comments below.

How To Change IP Address in Windows 10: A Visual Guide


When working in a larger environment, we are often asked to change our IP address. To change the IP address in Windows 10, we have come up with a visual guide with really simple and easy steps.
Sometimes we need to change the IP address in Windows 10. This mostly happens when we are part of a large organization like a college or a company, and a change in IP policy requires us to change our machine’s IP address.
So, here are the steps to change the IP address in Windows 10:

How to change IP address in Windows 10

  • On the taskbar of your computer, right click on the internet icon and click on “Open Network and Sharing Center”.
  • In the Network and Sharing Center, click on the connections.
  • A new Wireless Network Connection Status window will open up. Click on the properties.
  • A network connection status pop-up window will open up. Click on Internet Protocol Version 4 (TCP/ IP v4) if you want to change the IPv4 address of your computer.
  • Now fill in the required IP address and press OK.
  • And this is how you change the IP address in Windows 10. Sometimes, along with the IP address, you are also given Subnet mask, Default gateway and DNS Server address by your network administrator. You can use those addresses to fill in the required details.



How To Set Up A VPN In Windows 10: The Ultimate Guide

How to set up a VPN in Windows 10? This question is often asked by Windows 10 users, because Windows 10 has a different network settings user interface than previous Windows versions. Apart from that, setting up a VPN in Windows 10 takes different procedural steps. So, follow our guide to learn how to set up a VPN connection in Windows 10.
A virtual private network (VPN) is a set up to access different public networks across different countries. A VPN extends a private network across a public network, such as the Internet. If you are interested in knowing more about VPN and its working, head over to our in-depth article on What is VPN? And How it works?
Here are the steps to set up a VPN in Windows 10:

How to set up a VPN in Windows 10:

Before following this procedure, you need to log in to your Windows 10 computer with administrative privileges and then follow the steps below:
  • Open Settings of your Windows 10 computer to get started with setting up a VPN in Windows 10.
  • Click on “Network and Internet” icon and open the relevant settings.
  • On the left panel, click on VPN and VPN setup window will open.
  • Click on “Add a VPN connection” and a new window will open up to set up the VPN in Windows 10.
  • Fill up the following details under “Add a VPN connection” Window
    • Select Windows (built-in) under VPN provider
    • Give a connection name as per your choice
    • Enter server name or Address
    • Under the VPN type, select “Point to Point Tunneling Protocol (PPTP)”
    • Under the “Type of sign-in info”, select one of the options of your choice
    • Enter Username and password, if necessary
    • Check “Remember my sign-in info” at the bottom to avoid logging in again and again in future
    • Finally, save
  • Now you will see the newly added VPN connection under the VPN window
  • Click on that newly added VPN connection and click on “Connect” and that will connect you to your server
  • If you want to re-edit the information of your newly added VPN, click on Advanced options just beside “Connect”
Advanced options will show you the connection properties of the newly added VPN. Click on Edit to re-edit the VPN information.