Firstly, the venue. Goa! Oh, it was divine. Frankly, nullcon should always be in Goa. A perfect blend of electric atmosphere and the aesthetic calmness of nature. Seriously, you have to be there to feel it. Ap4Ch3, akm.coder, Snypter and I arrived 2 days ahead of the conference. Had a great time exploring Goa. Already, most of the people from null were beginning to pour in. ...
Updated 02-25-2012 at 04:05 PM by abhaythehero
One of the G4H members, mandi, from Garage4hackers Forums (my second home) asked a few days ago about an xsssqli attack. He had a scenario where the main site has a cross-site scripting vulnerability and the admin panel has SQL injection. The page with the SQL injection in the admin panel is only accessible to the admin. The question was: is it possible to use XSS on the main site to exploit the SQL injection on the admin panel to get the admin account pwned? Here is my answer with the following scenario: ...
Updated 02-14-2012 at 01:05 PM by amolnaik4
SQL injection is one of the most exploited issues in web application security and has had a place in the OWASP Top 10 since 2004. There are many blog posts and papers available on SELECT query injection exploiting WHERE or HAVING clauses. Today I'm going to discuss SQL injection in INSERT queries. Here is a PDF of the same: SQL Injection in INSERT Query.pdf. Any suggestions or comments are welcome. Cheers, AMol NAik
Updated 02-03-2012 at 10:10 AM by amolnaik4