
20071109

Teaching Without a Net

A post I still haven't put on here is an amazing offer and opportunity that I've gotten locally to help in a classroom, and a few more really good professional connections. Tonight was the first opportunity I've had meeting with the class to actually demonstrate anything.

For a group of students who are learning cyber-defense, they're learning attacking. While most application hacking you can only learn by doing, I was asked to at least demonstrate first. In my professional career, I've enumerated a lot of databases by injection attack, but oddly have never had an opportunity to use SQL injection to enumerate an entire MySQL server. I deliberately didn't try much attacking on the application before the class, I just verified that there were holes to work with - I think the thought process is every bit as important as the specific techniques.

I know, it was nothing shocking, but I thought it was a nice touch to try to do something in a classroom that I had never specifically done. I've enumerated DBs with injection attacks, but not MySQL.

And completely off-topic, kudos to pdp for the find on jar URL attacks. Very slick stuff. Any site that receives uploads of anything in a ZIP format (meaning, almost any kind of archive, including OpenOffice document, JAR, ZIP, blah, blah) becomes a cross-site scripting host - and the script runs in context of the server hosting the jar.