Hackersidea

Remote File Inclusion (RFI) is an attack technique used to exploit "dynamic file include" mechanisms in web applications. When web applications take user input (URL, parameter value, etc.) and pass them into file include commands, the web application might be tricked into including remote files with malicious code. This vulnerability occurs, for example, when a page receives, as input, the path to the file that has to be included and this input is not properly sanitized, allowing external URL to be injected. Although most examples point to vulnerable PHP scripts, we should keep in mind that it is also common in other technologies such as JSP, ASP and others. Testing for RFI Since RFI occurs when paths passed to "include" statements are not properly sanitized, in a blackbox testing approach, we should look for scripts which take filenames as parameters.         $incfile = $_REQUEST["file"];         include($incfile.".

Code Injection is the general term for attack types which consist of injecting code that is then interpreted/ executed by the application. This type of attack exploits poor handling of untrusted data. These types of attacks are usually made possible due to a lack of proper input/output data validation, for example: allowed characters (standard regular expressions classes or custom) data format amount of expected data Injection flaws occur when an application sends untrusted data to an interpreter. Injection flaws are very prevalent, particularly in legacy code. They are often found in SQL , LDAP, Xpath, or NoSQL queries; OS commands; XML parsers, SMTP Headers, program arguments, etc. Injection flaws are easy to discover when examining code, but frequently hard to discover via testing. Scanners and fuzzers can help attackers find injection flaws. Code Injection differs from Command Injection in that an attacker is only limited by the fu

You want to root your Android Smartphone to make your phone faster, remove bloat ware, increase battery life, allow it to run more apps, custom software and ROMs which allow complete control over every aspect of your device by allowing super user and admin level permission. However, rooting isn’t for everyone. If you don’t know what a command prompt is or you have trouble handling .zip files, please do not use root tool. Also rooting can void your phone’s warranty so please make sure you follow instructions to the letter. Also, always backup your data before you proceed to root your Android Smartphone or tablet! Root Genius is one click root tool designed to work on Windows computer. It helps user to root their Android Smartphone and tablet in single click. Here, we are going to guide you how to use Root Genius to root any Android Smartphone or tablet. Requirements: If you are using any Antivirus Application on your computer then disable it first then

What is God Mode? Windows God Mode is an old trick, but I thought it’d be nice to share it with our readers who don’t know about it. Also, I’ll be telling about all the God Mode folders here, not just a single one. Windows God Mode, as the name suggests, provides you a shortcut and grander access to various control panel settings. It is also known as the Windows Master Control Panel shortcut (All Tasks) or All Tasks folder by different people. By making this God Mode folder, you’ll get access to all the settings of the control panel in your OS within a single folder. This hack was first revealed in 2007 and it works in operating systems higher than Windows Vista i.e. Window 7, Window 8, Windows 8.1, and Windows 10. As you’ll know how to do it, you’ll come across the step of renaming the folder and using the phrase “God Mode”. Actually, God Mode name has nothing to do with this trick. Use your name instead of God Mode and it’ll work just fine because God Mode is

On Tuesday, March 3, 2015, researchers announced a new SSL/TLS vulnerability called the FREAK attack. It allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data. This site is dedicated to tracking the impact of the attack and helping users test whether they’re vulnerable. The FREAK attack was discovered by Karthikeyan Bhargavan at INRIA in Paris and the miTLS team . Further disclosure was coordinated by Matthew Green. This report is maintained by computer scientists at the University of Michigan, including Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman. Who is vulnerable? The FREAK attack is possible when a vulnerable browser connects to a susceptible web server—a server that accepts “export-grade” encryption. Servers Servers that accept RSA_EXPORT cipher suites put their users at ris

Wordpress finger printer tool, plecost search and retrieve information about the plugins versions installed in Wordpress systems. It can analyze a single URL or perform an analysis based on the results indexed by Google. Additionally displays CVE code associated with each plugin, if there. Plecost retrieves the information contained on Web sites supported by Wordpress, and also allows a search on the results indexed by Google. Plecost works in two modes. On the one hand by analyzing a single URL and the other analyzing the results of Google searches (-G). For Downloading plecost http://www.iniqua.com/labs/

RECORD MY DESKTOP RecordMyDesktop is a desktop session recorder for GNU / Linux that attempts to be easy to use, yet also effective at its primary task. As such, the program is separated in two parts; a simple command line tool that performs the basic tasks of capturing and encoding and an interface that exposes the program functionality in a usable way.   The command line tool (which essentially is recordMyDesktop), is written in C, This is the interface of record my desktop it is written in python RecordMyDesktop offers also the ability to record audio through ALSA, OSS or the Before using recordMyDesktop, of this site and in particular,, in order to get a better understanding of how to use the program. Also, JACK audio server it is suggested that you recordMyDesktop produces files using only open formats these are theora for video and vorbis for audio, using the ogg container.