Sla.ckers.org
This group should mostly be dealing with how web applications enable networking security issues that are otherwise not there. Everything is being tunneled over port 80 now, so what does that enable and how do we fix it?

Current Page: 1 of 1
Results 1 - 26 of 26
5 years ago
gunwant_s
Interesting! Any idea about how to mitigate this risk in .NET applications?
Forum: DoS
5 years ago
gunwant_s
Thank you all for your responses. @barbarianbob: Do you mean by .htaccess configuration it won't even upload the file in the Temporary directory but will check the content-length? Can you please elaborate on what you said? Thanks
Forum: DoS
5 years ago
gunwant_s
Hi, I was sizing up one of the very underestimated risks associated with the 'upload' feature in applications of different platforms. To elucidate, let me give you an example: An application has an upload feature which allows files no bigger than 2MB. Now if you try to upload a file bigger than that, it will exhibit a message saying 'not allowed to upload big files'. Now if you analyze the se
Forum: DoS
5 years ago
gunwant_s
Hi all, I am not very sure if this question relates to this group but I couldn't find any other place for this question. Feel free to move it wherever appropriate. What I am curious about is the 'Full Trust' configuration in .NET applications, which as we know is the default configuration for an application. Now I understand that 'Full Trust' enables the access of resources which are not mea
Forum: Networking
5 years ago
gunwant_s
I think the solution you mentioned is appropriate if we are considering the stated research question. It has given me another interesting research area on how to implement this technique where we have to put the mentioned methodology into practice besides addressing the time-synchronization issues. Since I've got the idea now, I know how to proceed. Do you know of any application (web/non-web)
Forum: CSRF and Session Info
5 years ago
gunwant_s
@NickWilliams I see what you are saying. You are saying that the OOB-communicated password, message and the time-stamp are concatenated and hashed each time the client sends the request. OK. And if the adversary captures the communication and then replays it later, it won't work because of the time-stamp mismatch. Good. However, one thing that's really bugging me in this technique is
Forum: CSRF and Session Info
5 years ago
gunwant_s
A good guess! www.foo.com/admin/login.aspx www.foo.com/admin.aspx www.foo.com/root/.... so on, or google it: site:foo.com inurl:admin or look for the documentation of the web application, or there are many other ways... Reconnaissance.
Forum: SQL and Code Injection
5 years ago
gunwant_s
I have read somewhere that PHP6 deploys some technique to surmount that. Do you know if the same thing happens in Java or ASP.NET applications?
Forum: SQL and Code Injection
5 years ago
gunwant_s
@Malkav I looked over SRP lately and I think it's a very good implementation technique for *authentication* purposes (yes, better than salted MD5 apparently) but I am not sure if it will work on a non-SSL session. Meaning: Will it protect against impersonating someone's SID on a non-SSL? If the adversary imitates the master session key (generated via SRP) to access a behind-authenticated page,
Forum: CSRF and Session Info
5 years ago
gunwant_s
PHP has a widely known issue with file uploads (which I think has been corrected in the latest release). If the application provides you the feature to upload a file of a limited size, it uploads the file first to the temporary folder (/tmp) and then checks if it exceeds the limit. An adversary can create a DoS by uploading large files a number of times, which will result in filling up all space on
Forum: SQL and Code Injection
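The upload DoS described in this post (and the earlier .htaccess / Content-Length question in the DoS forum) comes down to when the size check runs. The following is an added example, not code from the thread or from PHP: it models the two orders of operations in plain Python, with the request headers and body constructed inline. `MAX_UPLOAD`, the two receive functions and the dictionary they return are this example's own names.

```python
"""Size-check an upload before it reaches the temp directory.

Added example.  Models the pattern described in the thread: spooling the
whole body to /tmp and only then comparing it to the limit (naive_receive)
versus refusing on the declared Content-Length and, because that header is
attacker-controlled, also counting bytes while streaming (strict_receive).
"""
import io
import os
import tempfile

MAX_UPLOAD = 2 * 1024 * 1024  # the 2MB limit used in the thread's example


def naive_receive(headers, body, limit=MAX_UPLOAD):
    """Vulnerable order: write everything to disk, then check the size.

    Returns how many bytes actually hit the temp directory so the cost of
    each oversize request is visible.
    """
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(body.read())
        path = tmp.name
    try:
        spooled = os.path.getsize(path)
    finally:
        os.unlink(path)
    return {"spooled": spooled, "accepted": spooled <= limit}


def strict_receive(headers, body, limit=MAX_UPLOAD, chunk=64 * 1024):
    """Hardened order: refuse early, and never spool more than `limit`."""
    # 1. Cheap pre-check on the declared length, before reading any body
    #    bytes.  Apache's LimitRequestBody directive performs this same
    #    check at the server level.
    declared = headers.get("content-length")
    if declared is not None:
        try:
            declared = int(declared)
        except ValueError:
            raise ValueError("malformed Content-Length")
        if declared < 0 or declared > limit:
            return {"spooled": 0, "accepted": False}
    # 2. The declared length may be absent or a lie, so count while
    #    streaming and abort the moment the next chunk would cross the limit.
    spooled = 0
    with tempfile.NamedTemporaryFile() as tmp:
        while True:
            piece = body.read(chunk)
            if not piece:
                break
            if spooled + len(piece) > limit:
                return {"spooled": spooled, "accepted": False}
            tmp.write(piece)
            spooled += len(piece)
    return {"spooled": spooled, "accepted": True}


if __name__ == "__main__":
    # Constructed 3MB body, well over the limit.
    big = b"A" * (3 * 1024 * 1024)
    print("naive :", naive_receive({}, io.BytesIO(big)))
    print("strict, honest header :",
          strict_receive({"content-length": str(len(big))}, io.BytesIO(big)))
    print("strict, lying header  :",
          strict_receive({"content-length": "10"}, io.BytesIO(big)))
```

With the naive order every oversize request costs the full body in temp space, which is the disk-filling DoS the post describes; with the strict order an honest header costs nothing and a lying header costs at most the limit.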
5 years ago
gunwant_s
@ NickWilliams Thanks for replying. You said: "With the addition of a time-stamp as more salt in the hash, it will also serve as protection from replay attacks. " You mean besides concatenating the salt, I should also append the time-stamp to it before sending the credentials to the server. You don't think it's already mitigating replay attacks. Any scenario you can provide to s
Forum: CSRF and Session Info
5 years ago
gunwant_s
try again both queries but 1. ; instead of union 2. double quotes instead of single
Forum: SQL and Code Injection
5 years ago
gunwant_s
>pls give me a good paper to learn advance PHP INJECTION http://www.fuckinggoogleit.com No offense :) Prosperity: (filetype:pdf advance php sql injection)
Forum: SQL and Code Injection
5 years ago
gunwant_s
ok well if -- is not for this server then have you tried /* instead of -- Further, you can try this: www.Site.com?para=1 UNION Update table Set fld='My Text' where username='abc';/* www.Site.com?para=1 UNION Update table Set fld='My Text' where username='abc';# Try all permutations and combinations. Try to analyze the errors you are getting.
Forum: SQL and Code Injection
5 years ago
gunwant_s
Thanks for your considerate reply. This reply of mine does not portray that I am arguing about anything; it is just a normal discussion. I could have agreed to your concept of the 'homebrewn cryptology' if you could have given me some logic behind that. Something like "I say it's insecure because it has *this* flaw". I happily accept the fact that in ideal environments one should imple
Forum: CSRF and Session Info
5 years ago
gunwant_s
May be you can try this: SELECT * FROM table WHERE title LIKE '%asdf%' GROUP BY some_field ORDER BY some_field_2 ASC LIMIT 3;insert some statement here;--
Forum: SQL and Code Injection
5 years ago
gunwant_s
You mean how to run script via SQL Injection? If yes, you need to learn PL/SQL and insert the script via the method shown below. If you want to run other commands like Update, delete, insert etc., it's basically injecting SQL statements. For example: In an authentication module, if SQL injection is possible, depending on how the module is built, you can insert strings for example: ';insert int
Forum: SQL and Code Injection
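The payloads traded in these SQL injection posts (comment terminators, `' OR 1=1`, stacked `;UPDATE ...` statements) are easier to reason about against a live query. This is an added example, not code from any of the posts: a small SQLite-backed login module in Python with the string-concatenated query beside its parameterized form, plus a lookup that shows why stacked statements depend on the driver. The table, users and function names are this example's own.

```python
"""SQL injection against a toy authentication module, and the fix.

Added example.  Uses an in-memory SQLite database built inline, so it runs
offline.  login_vulnerable and lookup_by_id build SQL by string formatting,
exactly the pattern the thread's payloads target; the *_safe versions use
bound parameters.
"""
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, "
                 "password TEXT, role TEXT)")
    # Constructed sample rows.
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", [
        (1, "abc", "s3cret", "user"),
        (2, "admin", "hunter2", "admin"),
    ])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Returns the matched username, or None.  Attacker text is spliced
    straight into the query, so  admin'--  comments out the password check."""
    query = ("SELECT username FROM users WHERE username = '%s' "
             "AND password = '%s'" % (username, password))
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Same query with bound parameters: quotes and comments in the input are
    data, never SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


def lookup_by_id(conn, param, permissive=False):
    """Numeric parameter spliced into the query (the  ?para=1;UPDATE ...
    shape from the thread).  Whether the injected second statement runs is
    a driver property: sqlite3's execute() refuses stacked statements, while
    executescript() (used here to model a permissive driver) runs them all.
    Returns "ran" or "refused"."""
    query = "SELECT username FROM users WHERE id = %s" % param
    if permissive:
        conn.executescript(query)
        return "ran"
    try:
        conn.execute(query)
        return "ran"
    except (sqlite3.ProgrammingError, sqlite3.Warning):
        return "refused"


def lookup_by_id_safe(conn, param):
    """Validate the type first, then bind; a payload is rejected as not an int."""
    try:
        ident = int(param)
    except (TypeError, ValueError):
        return None
    row = conn.execute("SELECT username FROM users WHERE id = ?",
                       (ident,)).fetchone()
    return row[0] if row else None


def role_of(conn, username):
    row = conn.execute("SELECT role FROM users WHERE username = ?",
                       (username,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print("admin'--        ->", login_vulnerable(db, "admin'--", "x"))
    print("' OR 1=1--      ->", login_vulnerable(db, "' OR 1=1--", ""))
    print("safe, same input->", login_safe(db, "admin'--", "x"))
    stacked = "1; UPDATE users SET role='admin' WHERE username='abc'"
    print("stacked, strict driver     ->", lookup_by_id(db, stacked))
    print("stacked, permissive driver ->", lookup_by_id(db, stacked, True),
          "role of abc now:", role_of(db, "abc"))
```

The "try all permutations" advice in the thread is really about this last point: the comment syntax (`--`, `/*`, `#`) and whether a second statement executes are properties of the database and the driver, so the same payload can be refused by one stack and succeed on another, and only the parameterized form is independent of that.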
5 years ago
gunwant_s
If we put a unique value (nonce) on each page behind authentication and validate the same at the server side for each request, akin to mitigating CSRF, would it mitigate attacks like session fixation or session hijacking? Thoughts?
Forum: CSRF and Session Info
5 years ago
gunwant_s
@Malkav Thanks for your reply. Oh well, do you really think it's a homebrewn cryptology? http://www.owasp.org/index.php/OWASP_AppSec_FAQ#How_does_the_salted_MD5_technique_work.3F http://www.owasp.org/index.php?title=Hashing_Java&setlang=es#Complete_Java_Sample http://en.wikipedia.org/wiki/Digest_access_authentication This scheme is being implemented in many government and
Forum: CSRF and Session Info
6 years ago
gunwant_s
My original question still remains: What mitigatory measures can be taken to protect the session credentials on a non-SSL channel?
Forum: CSRF and Session Info
6 years ago
gunwant_s
The salt (which is stored temporarily in the session object for the particular session instance) is unset after the authentication is successful. So, if you log out and log in again, the salt will be different. A rainbow table is of no use, even if you know the salt for that instance. I read another post on the salt thing which mentioned that the salt is always the same at the server, which is insecu
Forum: CSRF and Session Info
6 years ago
gunwant_s
www.Site.com?para=1;UPDATE table Set fld='Hello' where username='abc';--
Forum: SQL and Code Injection
6 years ago
gunwant_s
Can you explain how is that possible if the salt varies each time? The way it is implemented currently is as follows:
Client side: Password ---> MD5 = Temp; Temp + Random salt ---> MD5 = Result. Result is sent to the server.
Server side: MD5 stored password + Same random salt ---> MD5 = Result.
Both results are then compared before access is granted. I thi
Forum: CSRF and Session Info
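The scheme laid out in this post (client hashes the password, then hashes that with a per-attempt salt; server recomputes from the stored MD5 and the same salt), together with the time-stamp added "as more salt" in the earlier exchange with NickWilliams, is small enough to run end to end. The following is an added example, not the thread's or OWASP's code, and it makes two assumptions the posts do not spell out: that the salt is consumed on first use (as the later post about unsetting it after success describes) and that the server rejects time-stamps outside a fixed window. The `Server` class, `client_response` and the window size are this example's own names and choices.

```python
"""Salted-MD5 challenge/response over a cleartext channel, with replay check.

Added example.  Implements the exchange described in the thread:
  client:  Temp = MD5(password); Result = MD5(Temp + salt + ts)
  server:  MD5(stored MD5(password) + salt + ts), compared to Result
The salt is issued per login attempt and deleted once used, and the
time-stamp must fall inside a window, so a captured Result cannot be
replayed.  The `now` argument exists only so the clock can be fixed.
"""
import hashlib
import hmac
import os
import time


def md5hex(data: str) -> str:
    return hashlib.md5(data.encode()).hexdigest()


def client_response(password: str, salt: str, ts: int) -> str:
    """What the browser sends: MD5 of (MD5(password) + salt + time-stamp)."""
    temp = md5hex(password)
    return md5hex(temp + salt + str(ts))


class Server:
    def __init__(self, now=time.time, window=60):
        self.now = now
        self.window = window          # seconds of clock skew tolerated (assumed)
        self.users = {}               # username -> MD5(password), as in the thread
        self.pending = {}             # session id -> salt for an open challenge
        self.sessions = {}            # session id -> authenticated username

    def register(self, username: str, password: str) -> None:
        self.users[username] = md5hex(password)

    def begin_login(self):
        """Issue a fresh session id and a fresh random salt for this attempt."""
        sid = os.urandom(16).hex()
        salt = os.urandom(16).hex()
        self.pending[sid] = salt
        return sid, salt

    def finish_login(self, sid: str, username: str, ts: int, response: str) -> bool:
        salt = self.pending.get(sid)
        if salt is None:
            return False              # unknown or already-consumed challenge: replay
        if abs(self.now() - ts) > self.window:
            return False              # stale time-stamp: delayed replay
        stored = self.users.get(username)
        if stored is None:
            return False
        expected = md5hex(stored + salt + str(ts))
        if not hmac.compare_digest(expected, response):
            return False
        del self.pending[sid]         # one-shot salt, unset after success
        self.sessions[sid] = username
        return True

    def protected_page(self, sid: str):
        """Returns the owner of the session, or None.  Note that only the
        session id is checked here: the scheme protects the password in
        transit, not the session credential, which is the thread's open point."""
        return self.sessions.get(sid)


def demo(clock=1_000_000):
    srv = Server(now=lambda: clock)
    srv.register("abc", "s3cret")
    sid, salt = srv.begin_login()
    captured = client_response("s3cret", salt, clock)      # what a sniffer sees
    first = srv.finish_login(sid, "abc", clock, captured)
    replay = srv.finish_login(sid, "abc", clock, captured)  # same message again
    sid2, salt2 = srv.begin_login()
    stale = srv.finish_login(sid2, "abc", clock - 3600,
                             client_response("s3cret", salt2, clock - 3600))
    return {"login": first, "replay": replay, "stale": stale,
            "sniffer_with_sid": srv.protected_page(sid) == "abc"}


if __name__ == "__main__":
    print(demo())
```

Two things the run makes concrete. The replayed message fails not because of the hash but because the salt was consumed, and a delayed replay against a fresh salt fails on the time-stamp window; that is the protection the exchange was after. The last field shows what the poster keeps coming back to: an eavesdropper who captures the session id after login still reaches the protected page, because nothing in this scheme binds later requests to the password. A further caveat that follows from the construction: whoever obtains the stored MD5 values can compute valid responses without the password, since the client hashes the password before anything else.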
6 years ago
gunwant_s
You are not getting it. The application is using salted MD5 hashing, which means the passwords are going in a salted MD5 hashed form (a different string each time) as the salt changes each time. So the passwords are safe in transit and they are safe (in one way) on the server itself, i.e. stored as MD5 hashes. But... What I was talking about in the first place is that if the passwords are safe
Forum: CSRF and Session Info
6 years ago
gunwant_s
Hi, There was this application which I was auditing last week which had no SSL implementation. I recommended salted MD5 hashing besides SSL for multi-tier protection. Now my question is, if for a site you do not have SSL but salted MD5 implemented, you can protect authentication credentials but not session credentials. If SSL is not acceptable for an application due to some reason (heav
Forum: CSRF and Session Info
6 years ago
gunwant_s
nice
Forum: XSS Info