Collaborate Disseminate
I already have my mail server (postfix, courier, mysql) and roundcube as my webmail client, Encrypt() is the current password encryption function,
Is there a way to change the default password encryption from Encrypt() function to md5 or … Continue reading Postfix + MySQL ENCRYPT() encryption method change [closed]
I am using Security Shepherd as a training tool and i am now in challenge SQL Injection Escaping Challenge. The challenge is as it can be seen below:
When i am making a query just like the above (just with different tables … Continue reading SQL Injection Escaping Challenge Security Shepherd
I am using Security Shepherd as a training tool and I am now in the challenge, SQL Injection Escaping Challenge.
The Challenge:
When I make a query just like the one above (just with different table names) in a local database in MySQL… Continue reading SQL Injection Escaping Challenge Security Shepherd
Today let’s talk about securing MySQL installation on Ubuntu, in this case specifically Ubuntu 16.04 LTS which was released not too long ago. So I love Ubuntu and I use it for everything, especially the LTS (Long Term Support) releases for servers. MySQL is not my best buddy, but a necessary evil many times – […]
The post Securing MySQL…
Read the full post at darknet.org.uk
Continue reading Securing MySQL Installation on Ubuntu 16.04 LTS
I found that in several websites, [HOSTNAME]/phpmyadmin/setup/index.php is accessible by default without authentication. However, it seems impossible to modify anything or to do security damage. Also, the website database is not accessible… Continue reading Does "/phpmyadmin/setup/index.php" present a security risk?
I’m trying to analyse the test results for blind SQL injection using Acunetrix Vulnerability Scanner.
URL encoded POST input address was set to
if(now()=sysdate(),sleep(0),0)/*’XOR(if(now()=sysdate(),sleep(0),0))OR'”XOR(if(… Continue reading Blind SQL injection with Acunetrix Vulnerability Scanner
I’m trying to analyse the test results for blind SQL injection using Acunetrix Vulnerability Scanner.
URL encoded POST input address was set to
if(now()=sysdate(),sleep(0),0)/*’XOR(if(now()=sysdate(),sleep(0),0))OR'”XOR(if(… Continue reading Blind SQL injection with Acunetrix Vulnerability Scanner
I’m trying to analyse the test results for blind SQL injection using Acunetrix Vulnerability Scanner.
URL encoded POST input address was set to
if(now()=sysdate(),sleep(0),0)/*’XOR(if(now()=sysdate(),sleep(0),0))OR'”XOR(if(… Continue reading Blind SQL injection with Acunetrix Vulnerability Scanner
I have a lot of means of searching for malicious code within the file system, monitoring traffic, scanning log files, checking for suspicious/masked processes etc.
However, scanning a relational database such as MySQL is no easy task. Som… Continue reading How does one scan a MySQL database for malware?
Researcher Dawid Golunski has discovered multiple severe vulnerabilities affecting the popular open source database MySQL and its forks (e.g. MariaDB, Percona). One of these – CVE-2016-6662 – can be exploited by attackers to inject malicious settings into MySQL configuration files or create new ones, allowing them to execute arbitrary code with root privileges when the MySQL service is restarted. This could lead to total compromise of the server running the vulnerable MySQL version. “The vulnerability … More → Continue reading MySQL 0-day could lead to total system compromise