Why do I like Vista?

Do you like Vista? No? You have gotten accustomed to XP. You worked in Vista for a long time and can't work in a new environment. Just try to work without caviling. Vista works well. I work with Vista and do not have problems. You have to find a new program if your piece of software doesn't work in Vista. If a program doesn't work in Vista, it is bad software. You have to change it to a more secure program.

I like Vista. It gives me a more secure environment. Are you accustomed to working as system administrator in Windows XP? You have to change your habit. It is not secure to be a god in your system. Any virus or hacker will be able to crash or destroy your system.

Date: 2008-05-08


Bevel

A bevel is a decoration control used to enhance the display of a form by adding a box, a frame or a line. Although the bevel does not have much functionality, it is valuable for making your forms look better.

Download my Bevel, written in C#. Full source code is available.

Date: 2008-05-07


CyD Database Modeler

I have published the source code of CyD Database Modeler. You can download the source code here:

CyD Database Modeler allows you to create tables without knowing and executing SQL commands. You can model your database in a visual window and apply the structure to your database. CyD Database Modeler supports Oracle and MySQL databases.

Date: 2008-04-30


Vista with SP1

You have to buy Vista now :)

Date: 2008-04-24


Critical SQL Injection (http://cshe.berkeley.edu/)

Today we shall consider a SQL Injection error on the site http://cshe.berkeley.edu/. There is a mistake in the parameter s of the script http://cshe.berkeley.edu/publications/publications.php. If you add " and 1=1 " to the parameter, the script injects it into the SQL query. This means the mistake exists and we can use it.

Let's try to determine the number of fields returned by the query. For me it turned out to be four fields. The following query was executed correctly.

Date: 2008-03-17


SQL Injection on www.compostingcouncil.org

Today we shall consider the site http://www.compostingcouncil.org. The programmer of the site does not know about security, and the majority of parameters are vulnerable. We shall consider the following URL:

http://www.compostingcouncil.org/section.cfm

The script section.cfm receives the parameter id. If a single quote is added to the end of the parameter, there will be an execution error. We shall consider the mistake in more detail:

Date: 2008-03-05


PHP Include error

Never include, require, or otherwise open a file with a filename based on user input, without thoroughly checking it first.

Take the following example:

if(isset($param)) 
{ 
  include($param); 
} 

Date: 2008-02-25


SQL Injection and PHP

The most commonly used database attack is SQL Injection. The attack is perpetrated by inserting an SQL query instead of a parameter into the URL field, to be executed by the database server. Being able to execute SQL commands on the database server makes it possible to destroy all database data. All that the malefactor will need is to know the names of the database tables. The following material requires basic knowledge of the SQL-92 language, because this is the main language for accessing data.

SQL injection represents one of the greatest threats for the following reasons:

Date: 2008-02-03


Cross Site Scripting (XSS)

Cross Site Scripting (XSS) is one of the most common application layer hacking techniques. XSS is a type of computer security exploit where information from one context, where it is not trusted, can be inserted into another context, where it is. From the trusted context, an attack can be launched. Note that although cross site scripting is also sometimes abbreviated "CSS", it has nothing to do with the Cascading Style Sheets technology that is more commonly called CSS.

Often attackers will inject JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable application to fool a user (Read below for further details) in order to gather data from them. Everything from account hijacking, changing of user settings, cookie theft/poisoning, or false advertising is possible. New malicious uses are being found every day for XSS attacks.

Date: 2008-01-23


SQL Injection on www.newspaperads.com

Today we shall consider the popular SQL Injection mistake using the example of the site www.newspaperads.com. It interested me for the following reasons:

  • Large;
  • This site belongs to the well-known USA Today;
  • The site uses ASP + MS SQL Server technology.

Date: 2008-01-15






Copyright © Flenov.net 2008. All rights reserved
www.flenov.net