Sekure4Sure

This topic is similar as Manual Sql Injection. But mod_security are protect to hack website. You can see in this screenshot. Now In this tutorial we can learn how to bypass mod_security First we need one Target Website In My case I am using this website: http://www.target.com.pk Finding The Amount Of Columns Now that you found a vulnerable site, you need to find the amount of columns. You can do this by using the "Order By" function. Your link should now look like this: Code: http://www.target.com.pk/pages.php?ID=18 order by 1--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 2--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 3--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 4--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 5--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 6--+ (error) Finding Vulnerable Columns So now that you got the amount of columns, you're going to want to see ...

Heya, as  web and websecurity is getting intense day by day , use of CSRF tokens are becoming a part of web security. Some time ago, use of CSRF token was enough for CSRF protection.Although, CSRF token protection can be bypassed using several  techniques. So This post briefly touches the CSRF Token Protection Bypass Methods. It means that next  time a penetration tester see a CSRF token protection, no need to be sad lol,  he knows what to do next and how to find and exploit weaknesses in CSRF token mechanism. Token Redundancy This flaw in CSRF token protection mechanism uses the same CSRF token multiple times, which means that , the same token can be used in our attack payload which is used by our legit request before. In ideal situation, every token has an expiry which means that once the token is used it get expired and cannot be used again. Although, in Web Applications, poor sense of security by developers can lead to such flaws. While pentesting tokens in...

This issue came to light by Pirate Party founder Rick Falkvinge, who says Google has silently installed black box code into the open-source Chromium browser, meaning it contains pre-compiled code that users cannot see. Exactly what this black box does is still unclear, but Falkvinge claimed that Google is listening to the conversations of Chromium users through this black box of code. The 'black box' code enabled a feature that activates a search function on the browser when you say "Ok, Google," however the code enabled the microphone, as well as permitted to capture audios. "Your computer has been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge," says Falkvinge. Google since defended itself, arguing the ability to use "Ok Google" commands and enable the extension is an opt-in feature. "First and foremost, while we do download...

Big things can come in very, very small packages. Case in point: SanDisk has just released a 200GB microSDXC card, which is as absurdly tiny as the rest of them but offers the most storage to date for the format. Back in March when Sandisk first announced the world's first 200GB microSD card, it was expected to be priced at around $400. However, $240 has been marked as the price for the highest-capacity microSD card available in the market. Sandisk's 200GB microSD card, or Ultra microSDXC UHS-I card, offers a transfer speed of up to 90MB per second, which is double the speed provided by its 128GB counterpart. Granted, all that capacity comes at a price, and removable storage is never cheap - especially at first. The 200GB card sells for £210 (about ₹21,000) whereas the 128GB version is just £58 (₹5800). You could buy three of those for less and have loads more storage, but of course, swapping (and storing) tiny cards like these is problematic. Moreover, San...

Facebook is giving a new "Not On Facebook?" option on the sign-up screen for its messaging app, which allows anyone to create an account for the Messenger app using his or her first name and phone number. Don't have Facebook account but want to use its Messenger service? Then go for it because Mark Zuckerberg wants even the people who hate Facebook to use the social network's separate Messenger service. So, you no longer need an active Facebook account to make use of the Messenger service, all you need is just your name and phone number, the company announced today. Users with non-Facebook accounts will enjoy the same Messenger features, including voice and video calls, payments, stickers and GIFs. Facebook currently started offering this option for people in the United States, Canada, Peru, and Venezuela; the rest have to wait for the feature. The only and major difference for non-Facebook users will be features that rely on the network of Faceb...

Trend Micro has found a new vulnerability that exists in phones running Android IceCream Sandwich to Lollipop. The vulnerability in the debugging program of Android, Debuggered, allows a hacker to view the device's memory and the data stored on it. You can create a special ELF (Executable and Linkable Format) file to crash the debugger and then you can view the dumps and log files of content stored on the memory. The glitch in itself is not a big threat but the type of data it can give a hacker access to can lead to a difficult situation. Google is said to be working on a fix in the next version of Android for this.

Sensational stories! Wow, the only one thing common which we all love. Especially on social medias, we do not think even hesitate before clicking any sites or email to read such stories. However, researchers say that we need to be vigilant and skeptical when reading sensational stories on social media sites or in emails. People should visit trusted news sources for information instead of clicking on random links online, go directly to your trusted news source because few days ago, a Brazilian singer and songwriter Cristiano Araújo lost his life in a car accident. After his death, Symantec started to observe malicious spam email using the news as a lure. Some of the spam emails attempt to entice users into downloading video footage of the accident. If users click on the Google Drive URL found in the email, they will end up downloading malware. The malware is detected as "Download.Bancos", a well-known banking malware that has been plaguing South America for a whi...

A hacker group has announced on Reddit that they have hacked Ola Cabs database, and have access to critical information such as credit card details, transaction history and voucher codes (unused). The hackers announced on Reddit, “Once we got to the database it was like winning a lottery. It had all the user details along with credit card transaction history and unused vouchers. The voucher codes are not even out yet..” Although this unknown hacker group has assured everyone that they won’t be using or saving any credit card details and unused voucher codes, there exist immense apprehensions after this announcement of hacking. Calling themselves ‘Team Unknown’, this hacker group has posted three screenshots of the data base which allegedly belongs to Ola Cabs: As we can see in the first screenshot, hackers have access to email ids of various employees and users, phone numbers and named. In the second screenshot, the hacker has shown that he can access ...