Collaborate Disseminate
I like to find accounts in leaked databases based on the domain name associated with the leaked mail addresses. Public databases such as https://haveibeenpwned.com/ have this ability partly. Searching is only possible when th… Continue reading How to find accounts in leaked databases based on the domain name?
I am looking for a practical database pentest methodology (database level test). I checked the Internet but there is no much info. Where I should start and on which areas (step by step) should I focus when I define the scope?… Continue reading Database Pentest methodology or list?
I’m envisaging a website where a user signs up, has their own database running somewhere, then provides credentials to the website so that website can access that database. For example, if I was the user, I might be running M… Continue reading What are design and security considerations for a site that connects to its users’ own dbs?
Mongo Lock is a new attack that is aimed at MongoDB databases which have no protection and remote access left open. Mongo Lock is a ransomware threat, which wipes these databases and uses extortion tactics like any other ransomware to…Read more
The p… Continue reading Mongo Lock Ransomware Deletes Vulnerable MongoDB Databases
I’m trying to prevent my search code against SQL Injection, i searched a litle about parameteried queries, and i’m trying to make this script works:
if(isset($_POST[‘pesquisar’])&&!empty($_POST[‘cxnome’])){
$busc… Continue reading Parameterized script is not working [migrated]
I came a cross this data breach where developers of an organization stored some customer PII data on their github account. Common sense tells me that this is obviously stupid and careless thing to do.
My question is that is t… Continue reading Storing customer data securely (compliance)
Excerpt from Redis’ security article:
Redis is designed to be accessed by trusted clients inside trusted environments. This means that usually it is not a good idea to expose the Redis instance directly to the internet or… Continue reading Should I implement access control on databases inside a trusted network?
For example, You are attacking an application that employs two different servers: an application server and a database server. You have discovered a vulnerability that allows you to execute arbitrary operating system commands… Continue reading Is it possible to get data from database server if you are on the application server?
I’m designing a database interface for a system that could store PII. My first focus is on making sure all the data is secure, to do this I have designed the system as follows.
I’m running three separate servers with three s… Continue reading Can you tell me if my design is secure?
I’m new to SQLmap I try to test my own website which is written in PHP for developing my penetration testing skills. I find all databases and table information. But after that what can I do next? Can sqlmap help me to upload … Continue reading How far I can go with SQLmap [on hold]