Although windows supports shared memory through its file mapping API, you can’t easily inject a shared memory mapping into another process directly, as MapViewOfFileEx does not take a process argument. However, you can inject some data by allocating memory in another process using VirtualAllocEx and WriteProcessMemory. If you were to copy in a handle using … Read more
This is a bookmarklet code to inject jquery in any webpage: javascript: (function (){ function l(u, i) { var d = document; if (!d.getElementById(i)) { var s = d.createElement(‘script’); s.src = u; s.id = i; d.body.appendChild(s); } } l(“https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js”, ‘jquery’) })(); Update: I removed the http: part from the URL per @Monkpit comment, which is … Read more
I found the way to do this: http://nginx.org/en/docs/http/ngx_http_sub_module.html location / { sub_filter </head> ‘</head><script language=”javascript” src=”https://stackoverflow.com/questions/19700871/$script”></script>’; sub_filter_once on; }
The best technical solution would be to do something that causes the loader code to not be able to run properly after your process initializes. One way of doing this is by taking the NT loader lock, which will effectively prevent any loader action from taking place. Other options include patching the loader code directly … Read more
Any query can be injected whether it’s read or write, persistent or transient. Injections can be performed by ending one query and running a separate one (possible with mysqli), which renders the intended query irrelevant. Any input to a query from an external source whether it is from users or even internal should be considered … Read more
You can find out how an application will run and change it statically using the CorFlags application. To find out how the application will run, use: corflags <PathToExe> To change how the application will run, use: corflags /32bit+ <PathToExe> This will make the EXE file run as a 32-bit process. The information about how the … Read more
mysql_real_escape_string used when insert into database htmlentities() used when outputting data into webpage htmlspecialchars() used when? strip_tags() used when? addslashes() used when? htmlspecialchars() used when? htmlspecialchars is roughly the same as htmlentities. The difference: character encodings. Both encode control characters like <, >, & and so on used for opening tags etc. htmlentities also encode … Read more
You think that’s it? Check this out. Whatever approach you take, you definitely need to use a whitelist. It’s the only way to even come close to being safe about what you’re allowing on your site. EDIT: I’m not familiar with .NET, unfortunately, but you can check out stackoverflow’s own battle with XSS (https://blog.stackoverflow.com/2008/06/safe-html-and-xss/) and … Read more
This “feature” can be disabled by sending the non-standard HTTP header X-XSS-Protection on the affected page. X-XSS-Protection: 0
When articles talk about parameterized queries stopping SQL attacks they don’t really explain why, it’s often a case of “It does, so don’t ask why” — possibly because they don’t know themselves. A sure sign of a bad educator is one that can’t admit they don’t know something. But I digress. When I say I … Read more