How to do it?

Discuss the many weaknesses of browser security and ways to mitigate the threat

Re: How to do it?

Post by iistapp on Fri Apr 08, 2011 8:35 am

On realistic 2 I got a hint about using an SQL injection, so I did some googling as I said, and no, I believe I found something about it on Wikipedia, and it made sense to me, so I tried it out, and well, success!

My problem now is that I don't know how you guys come up with/find all of these SQL injections, so there comes my idea about the people that actually do this quite often, about having a library of some sort or w/e, I have no idea, so I'm just asking questions at the moment, I'm trying to figure out some more about Paros at the moment, but I have to go home soon, and as my hard drive died on my PC at home there's not much that I can do at home.

I don't expect answers to all my questions, as I know I have to do a lot of reading on my own, and I try my best, but some things just seem easier to ask about than find answers to on the Internet. So please be blunt with me if I'm too much here. :)


Re: How to do it?

Post by Dwere134 on Mon Apr 11, 2011 11:43 am

iistapp, as far as a library goes... There are many websites out there with posts concerning "hackers" discovering new flaws in systems etc.
Oftentimes some of these websites will actually have detailed information about various tests performed to discover the flaws, and reading enough of those, your brain will begin to think "hmm, maybe I should run this test on this page." or "hmm, that doesn't seem similar to this but this might work so I'll try it." and just continuing with trial and error. I haven't found a great number of exploits, but pen-testing a few websites I've found hidden admin-logins before that were set to defaults like a blank user/pass field, or admin/admin etc. Nothing serious about my "pen-testing": I didn't deface the pages, and I wasn't using any tools, just viewed the source code, and basic directory traversal, tried a few different URLs from the home page of the site, etc. You're very right, you do have to start somewhere, and by coming here you've come to the right place to learn where to start, and how to start etc.
I'm by no means a pro, at all.
My specialties in "security" are really virus removal more than anything. I help my college out with that a lot.
So yeah, just keep reading, and googling as much as you can.
Good luck.
Dwere (David)


Re: How to do it?

Post by iistapp on Mon Apr 11, 2011 1:02 pm

Thank you Dwere134, gives me a good boost reading replies like that.

And that is very true! I really enjoy reading on this forum, and it sure has helped me out a few times, so it is indeed a nice place to start out with something new that you want to learn concerning these things! :)

