Waf Bypass....

Friday, July 22, 2011 Sensei Fedon 0 Comments

WAF BYPASS SQL INJECTION
This is such a wide topic, but today we're going to examine WAF bypass and SQL injection.

What is a WAF? A WAF is a Web Application Firewall used to filter certain malicious requests and/or keywords.

Is a WAF a safe way to protect my website? Well, that's a tough question. A WAF alone will not protect your website if your code is vulnerable, but a WAF and secure coding will. A WAF should be used as a tool in your tool shed, but you should never count on a WAF to keep attackers out, because most, if not all, WAFs can be bypassed with the time and brains. Today, we will take a look into how exactly to do this.

1) Comments:
SQL comments are a blessing to us SQL injectors. They allow us to bypass a lot of the restrictions of web application firewalls and to kill certain SQL statements to execute the attacker's commands while commenting out the actual legitimate query. Some comments in SQL:

Code

  //, -- , /**/, #, --+, -- -, ;
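
The post's point that a WAF only helps alongside secure coding, shown as an added example (not code from the original post): the same login lookup built by string concatenation and with bound parameters, run against an in-memory SQLite database. The table, function names and sample inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "correct-horse"), ("bob", "hunter2")])
    return db

def login_concat(db, name, password):
    # Vulnerable form: input is pasted into the SQL text, so a quote followed
    # by a comment marker cuts the password check out of the statement.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return [row[0] for row in db.execute(sql)]

def login_bound(db, name, password):
    # Hardened form: values are bound as parameters and are never parsed as
    # SQL, so comment markers inside them are just characters in a string.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (name, password))]

# Constructed inputs: a valid login, a wrong password, and two names that
# carry comment markers from the list above (the ones SQLite recognises).
SAMPLES = [
    ("alice", "correct-horse"),
    ("alice", "wrong"),
    ("alice' --", "wrong"),
    ("alice'/**/--", "wrong"),
]

def compare():
    # Map each sample to (rows from concatenated query, rows from bound query).
    db = make_db()
    return {s: (login_concat(db, *s), login_bound(db, *s)) for s in SAMPLES}

if __name__ == "__main__":
    for (name, pw), (concat, bound) in compare().items():
        print(f"{name!r:16} concat={concat} bound={bound}")
```

The bound version returns no rows for either comment-bearing input regardless of what a filter in front of it let through, which is why the fix belongs in the query code.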
  




25 BEST SSH COMMANDS / TRICKS

Sunday, July 17, 2011 Sensei Fedon 0 Comments

OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.


SSH is an awesome, powerful tool, and there are unlimited possibilities when it comes to SSH. Here are the top-voted SSH commands:

1) COPY SSH KEYS TO USER@HOST TO ENABLE PASSWORD-LESS SSH LOGINS.


ssh-copy-id user@host

To generate the keys, use the command ssh-keygen.
