Sunday, 22 March 2015

HTML5 Form Validations with Pattern Matching

This is another client-side validation method, and it needs no JavaScript or jQuery. Thanks to HTML5, validation can now be done without writing JavaScript or any server-side code: using HTML5 you can validate forms with a pattern. Forms must be validated on either the client side or the server side, because validation helps you collect correct data and valid form values from users; you cannot trust users blindly. Let's see it.


Saturday, 21 March 2015

Dynamic Drop Down Menu using PHP and MySQLi

We have already seen a tutorial about a simple drop-down menu using CSS3 and jQuery. This tutorial covers creating a dynamic horizontal drop-down menu with its submenu using PHP and MySQLi. It's a simple concept and easy to create with PHP and MySQLi; you can also add and set links in the main menu and submenu from database data using PHP. I've used the MySQLi object method, so let's take a look at this tutorial.


Wednesday, 18 March 2015

How to Inject, Upload Shell and Deface Website

Website defacement is an attack on a website that changes the visual appearance of the site or a webpage. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own. Defacement is generally meant as a kind of electronic graffiti, although recently it has become a means to spread messages by politically motivated "cyber protesters" or hacktivists. The most common method of defacement is using SQL injections, which allows gaining administrative access. Another method of defacement is through FTP once the username and password are obtained. Defacements usually consist of an entire page. This page usually includes the defacer's pseudonym or "Hacking Codename."...


Friday, 13 March 2015

How To Use PHP Data Object - PDO Tutorial

In this tutorial I want to explain PDO (PHP Data Objects), another excellent way to interact with a MySQL database. PDO differs from the old procedural method and improves on the old MySQL extension, and nowadays most PHP programmers use the PDO extension instead of the old MySQL one. So I'm going to create CRUD operations here using PDO. It's easy to create and handle such database operations with PDO; let's see how to use the PDO functions in detail.


Friday, 06 March 2015

Error Based Xpath Injection Tutorial

Similar to SQL Injection, XPath Injection attacks occur when a web site uses user-supplied information to construct an XPath query for XML data. By sending intentionally malformed information into the web site, an attacker can find out how the XML data is structured, or access data that he may not normally have access to. He may even be able to elevate his privileges on the web site if the XML data is being used for authentication (such as an XML-based user file). Querying XML is done with XPath, a type of simple descriptive statement that allows the XML query to locate a piece of information. Like SQL, you can specify certain attributes...


Thursday, 05 March 2015

Deathrow Single Row injection

What is Death Row? While injecting a web application you will usually face it: this is the scenario where the whole array output of the query does not get printed. The web application only prints the first row. For example: the query "Select username,password from users;" will output the complete list of users, but it now depends on how the web application gives you output. So normally in 70% of cases you may have to face "Death Row Injection". To overcome such a situation we use Limit, or, if we are intelligent enough, we make a condition through which we can output the data we actually need. Here we will discuss both of these ways. Let us First...


WAF Bypass and Show/Dump All Database At One Shot Trick 2015

Today I am going to show you how to bypass Web Application Firewalls (WAF). Let's begin!

How to know if there is a Web Application Firewall?

This is pretty simple! When you try to enter a command used for SQL injections (usually the "UNION SELECT" command), you get a 403 error (and the website says "Forbidden" or "Not Acceptable").

Example:
Code: http://www.site.com/index.php?page_id=-15 UNION SELECT 1,2,3,4.... (We get a 403 Error!)

Basic/Simple Methods:
First, of course, we need to know the basic methods to bypass WAF...

1) Comments:
You can use comments to bypass WAF:
Code: http://www.site.com/index.php?page_id=-15 /*!UNION*/ /*!SELECT*/ 1,2,3,4.... (First...


Wednesday, 04 March 2015

Writing Secure PHP

In this course we will cover these topics.

Topics of the course:
What is the threat? How can you analyze the threat? What types of threats are out there? How bad is it? What threats are specific to PHP? What are some resources to find out more?

What are the consequences when a website is not protected against attack? Financial loss; loss of service; identity theft; website infection.

What are the most common forms of attack? Cross-site scripting (XSS); remote code injection; session hijacking, fixation, and request forgery; SQL injection.

What are the most common vulnerabilities attackers can exploit? Unplanned information disclosure; predictable...


Sunday, 01 March 2015

PHP CRUD Tutorial with MySQLi extension

In this post I want to explain how you can use an improved version of MySQL called MySQLi. After the deprecation of MySQL, most PHP programmers nowadays use MySQLi and PHP Data Objects (PDO), so we are again going to create CRUD operations with PHP, this time using the MySQLi extension. Basically there are three ways to interact with a database through MySQLi: the simple procedural way, which is the oldest; the object-oriented method; and, third, using statements. In this post I'm going to use the object and statement methods.

