Join facebook group THE HACKER DEVIL
In our last post we had our look on some basics about command injection flaws. So here we will discus how to find and exploit command injection flaws. In last post I told you that to exploit command injection flaws you must be able to interact with system command shell. Suppose anyhow you suspect that the web application interacts with operating system, its time to check it how you can exploit it. Before you exploit I must make clear that there is practically no guarantee that the command shell web application is interacting is its own shell, remote shell or custom built shell also there's no guarantee that output of executed command will be displayed to you on your web browser. Note that an application can issue operating system commands using input provided by user, URL and even stored and processed cookies.
Command Injection Flaws
Command injection flaws are another dangerous type of web application vulnerabilities. Their presence in web application is really very much dangerous since attacker will not be required to use any username or password to execute commands using command injection. SQL injection attacks are also form of command injection attacks. Command injection vulnerability is also termed as OS Command injection vulnerability. In this section we will not really discus about how to perform a command injection attack but have our look on what is it, why web applications became vulnerable to them and threat level because of them.
Spyware Review | Win Spy
Product Name: Win Spy
Product Type: Spyware
Category: Remote Spy
Win Spy is one of those spywares which has got high reputation online for remote monitoring. It has all good features that a hacker may need in a spyware. It can be used to monitor both remote as well as your own system. User interface of Win Spy is damn easy to understand and can even be understood by a novice to spying software. The advantage Win Spy shares over another spywares is its capability to work smoothly even under low bandwidth victim or a victim whose bandwidth is heavily loaded. Though each spyware developer claims that their product can sustain heavily loaded victim or victim with low bandwidth, I think Win Spy made it pretty good to prove it.
SQL Injection Using Havij
Havij is automatic SQL injection tool developed by ITSecTeam. Havij is available in both free and paid version. Paid versions have some extra advantages over free version but for this tutorial we will use free one. First of all download Havij from http://ITSecTeam.com and install it. Copy and paste URL of website which you want scan for SQL injection vulnerability and press analyze.