Application Security Per-Engagement

从来好事天生俭，自古瓜儿苦后甜。这篇文章主要讲述Application Security Per-Engagement相关的知识，希望能为你提供帮助。
1、 an SQLi vulnerability will allow you to do the following

query the database using select statement forezample users table. you might get the password or usersname
Bypass the login page executing successfuly query results
Execute system commands in the database in oreder compromise the web server
Execute inserts.delete commands to manipulate the records in the database

2、Command Injection
we can append other commands after the variable and the application will be to execute it for us , my goal is to make the backend execute someting like this [nslookup [domain name variable ] & & [other command ]

文章图片

3、OWASP top 10
Injection-----> when a attacker can inject and execute a custom command in the backend because of missing sanitization,besides it ,command Injection are more like LDAP、XPath、NoSQLo XML Parsers、STMTP Header
Broken Authentication ------> a hacker finds the user\'s idntity, credentials bouth name and password or web session
Sesitive Data 、 XML External Entities \\ Broken Access Control \\ Security Misconfig \\Cross-site Scripting \\ Insecure Deserialization \\ Using Components with know vulnerability\\ Insufficient logging
4、邮件信息收集
theharverster -d [目标网络域名地址] -l [邮件地址数量] -b [使用的搜索的公共知识库] eg : theharvester -d yalong.cn -l 20 -b baidu

文章图片

文章图片

5、 use Whois search DNS and ip register name and phone number and email
step one we can use the Whois.net the url: http:www.whois.net or another website is NetCraft the url :https://www.netcraft.com/
step two: use the command whois ,the screenshout as follow