ALL PREMIUM ACCOUNTS

2021-12-18 17:05:26 WINDOWS 11, 10, 7 PRO PHONE ACTIVATION

Key: FDV76-MFYPT-HVH7J-VJXQ4-PW44D
Description: Windows 7 Professional OEM:NONSLP
Sub Type: X15-37359
Error Code: 0xC004C008
Time: 13:28:07 18/12/2021 (GMT+7)

Key: HVCGF-B88MD-7GV96-MTFJR-X4QGP
Description: Windows 7 Professional OEM:NONSLP
Sub Type: X15-37363
Error Code: 0xC004C008
Time: 13:28:07 18/12/2021 (GMT+7)

Key: BTHCB-W8G69-DDBT3-92GFD-3XFHD
Description: Windows 7 Professional OEM:NONSLP
Sub Type: X15-37362
Error Code: 0xC004C008
Time: 13:28:07 18/12/2021 (GMT+7) Ouvert / Commentaire

2021-12-18 15:20:56 সকল আপডেট পেতে আমাদের টেলিগ্রাম চ্যানেলটি Unmute এবং Pin to top করে রাখবেন। তাছাড়া অনেক Important জিনিস গুলো আপনারা মিস করে ফেলবেন। "ধন্যবাদ" Ouvert / Commentaire

2021-12-18 15:19:45 Exploitability –

What is needed to exploit the security vulnerability? Highest exploitability when the attack needs only web browser and lowest being advanced programming and tools.

Detectability –
How easy is it to detect the threat? Highest being the information displayed on URL, Form or Error message and lowest being source code.

Impact or Damage –
How much damage will be done if the security vulnerability is exposed or attacked? Highest being complete system crash and lowest being nothing at all.

The main aim of OWASP Top 10 is to educate the developers, designers, managers, architects and organizations about the most important security vulnerabilities. Ouvert / Commentaire

2021-12-18 15:19:25 SQL Injection


Description

Injection is a security vulnerability that allows an attacker to alter backend SQL statements by manipulating the user supplied data.
Injection occurs when the user input is sent to an interpreter as part of command or query and trick the interpreter into executing unintended commands and gives access to unauthorized data.
The SQL command which when executed by web application can also expose the back-end database.
Implication

An attacker can inject malicious content into the vulnerable fields.

Sensitive data like User Names, Passwords, etc. can be read from the database.

Database data can be modified (Insert/Update/ Delete).

Administration Operations can be executed on the database

Vulnerable Objects

Input Fields

URLs interacting with the database.

Examples:

SQL injection on the Login Page

Logging into an application without having valid credentials.
Valid userName is available, and password is not available.

Test URL: http://demo.testfire.net/default.aspx

User Name: sjones
Password: 1=1′ or pass123
SQL query created and sent to Interpreter as below

SELECT * FROM Users WHERE User_Name = sjones AND Password = 1=1′ or pass123;

Recommendations

White listing the input fields

Avoid displaying detailed error messages that are useful to an attacker Ouvert / Commentaire

2021-12-18 15:19:04 Cross Site Scripting

Description

Cross Site Scripting is also shortly known as XSS.
XSS vulnerabilities target scripts embedded in a page that are executed on the client side i.e. user browser rather then at the server side. These flaws can occur when the application takes untrusted data and send it to the web browser without proper validation.
Attackers can use XSS to execute malicious scripts on the users in this case victim browsers. Since the browser cannot know if the script is trusty or not, the script will be executed, and the attacker can hijack session cookies, deface websites, or redirect the user to an unwanted and malicious websites.
XSS is an attack which allows the attacker to execute the scripts on the victim’s browser.
Implication:

Making the use of this security vulnerability, an attacker can inject scripts into the application, can steal session cookies, deface websites, and can run malware on the victim’s machines.

Vulnerable Objects

Input Fields

URLs

Examples

1. http://www.vulnerablesite.com/home?”