Posts

Showing posts from 2015

SSI Injection

SSI (Server Side Includes) Injection is a vulnerability in web applications. It is also in the OWASP TOP-10 under A-1 Injection. Attackers and security auditors always try to find this kind of vulnerability, which allows them to perform command execution. There are a number of vulnerabilities in the category of command execution: SQL Injection, LDAP Injection, XPath Injection, and one of them is Server Side Includes (SSI) Injection. So, this article is based on SSI Injection.

What is Server Side Includes (SSI)?

SSIs are directives present on Web applications used to feed an HTML page with dynamic contents. They are similar to CGIs, except that SSIs are used to execute some actions before the current page is loaded or while the page is being visualized. In order to do so, the web server analyzes SSI before supplying the page to the...

Session HI-Jacking

Session Hijacking in XSS to MYSQL File

Hi, after a long time I am coming with my new post on how to hijack someone's session. Sounds interesting. Is it possible to hijack or steal someone's cookie or someone's session? Yes! It's possible. I am going to tell you how it's possible.

First of all, it is also a web-app vulnerability. In the OWASP TOP-10, A-2 Broken Authentication and Session Management covers the session management issues: (1) Session sniffing (2) Session fixation (3) Session hijacking

First, for non-technical persons, they want to know what is a session or what is a cookie? A session can be defined as a server-side storage of information that is desired to persist throughout the user's interaction with the web site or web application. A cookie is a small piece of text stored on a user's comp...