摘要:
Preparation of the Lab Environment: Download and Install Pan-OS from the following website https://docs.gns3.com/appliances/pan-vm-fw.html or https:// 阅读全文
摘要:
OWASP ZAP(ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to use. It can also be used for manual testing. This 阅读全文
摘要:
XSS VULNS XSS - CROSS SITE SCRIPTING VULNS Allow an attacker to inject javascript code into the page. The code is executed when the page loads. The co 阅读全文
摘要:
SQL INJECTION Preventing SQLi Filters can be bypassed. Use a blacklist of commands? Still can be bypassed. Use whitelist? Same issue. -> Use parameter 阅读全文
摘要:
SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...etc. >sqlmap --help >sqlmap -u [target URL] Fo 阅读全文
摘要:
SQL INJECTION Discovering SQLi in GET Inject by browser URL. Selecting Data From Database Change the number to a big one, then you can get a useful er 阅读全文
摘要:
SQL INJECTIONWHAT IS SQL?Most websites use a database to store data.Most data stored in it(usernames, passwords ..etc.)Web application reads, updates and inserts data in the database.Interaction with ... 阅读全文
摘要:
VULNS MITIGATION 1. File Upload Vulns - Only allow safe files to be updated. 2. Code Execution Vulns: Don't use dangerous functions. Filter use input 阅读全文
摘要:
REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ANY server. Execute PHP files from other servers o 阅读全文
摘要:
LOCAL FILE INCLUSION Allows an attacker to read ANY file on the same server. Access files outside www directory. Try to read /etc/passwd file. 1. We k 阅读全文