Posts

KingRoot: failure to root ASUS ZenFone 4 Max

Just today, I used KingRoot to root an ASUS ZenFone 4 Max. It was not able to jailbreak.

If you want to buy rootable devices by checking KingRoot's supported-device list, that is not recommended.

The most viable route to nearly guaranteed rootability is the Google-owned product line.

Django Security

Django: APIs prone to SQL Injection

.extra()
https://docs.djangoproject.com/en/2.0/ref/models/querysets/#django.db.models.query.QuerySet.extra
For example, this use of extra():

    >>> qs.extra(
    ...     select={'val': "select col from sometable where othercol = %s"},
    ...     select_params=(someparam,),
    ... )

is equivalent to:

    >>> qs.annotate(val=RawSQL("select col from sometable where othercol = %s", (someparam,)))

.raw()
https://docs.djangoproject.com/en/dev/topics/db/sql/

    >>> for p in Person.objects.raw('SELECT * FROM myapp_person'):
    ...     print(p)
    John Smith
    Jane Jones

.execute() / do_sql()

    from django.db import connection

    cursor = connection.cursor()
    cursor.execute('insert into table (column) values (%s)', (dinosaur,))
    cursor.close()

    from handy.db import do_sql

    do_sql('insert into table (column) values (%s)', (dinosaur,))

RawSQL()

All of these hand an SQL string straight to the database. They are safe only while every user-supplied value travels through the params argument (select_params for extra(), the params of raw() and RawSQL(), the second argument of execute() and do_sql()) and is never formatted or concatenated into the SQL string itself.
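The injection that these APIs allow comes from the call site, not from Django: a value formatted into the SQL text is executed as SQL, a value passed through params is bound as data. The following is an added example, not code from the post or from Django, that shows the two call shapes on a plain sqlite3 connection so it runs without Django installed. Django's cursor.execute() and raw() take the same (sql, params) pair, with %s as the placeholder where sqlite3 uses ?. The table, rows and attacker payload are constructed for the demo.

```python
"""Added example: string formatting versus parameter binding on raw SQL.
The same mistake makes Django's raw(), extra(), RawSQL() and
cursor.execute() injectable; sqlite3 stands in for the Django cursor."""
import sqlite3

# Constructed attacker input: closes the quoted value, widens the WHERE
# clause, and comments out the rest of the statement.
PAYLOAD = "x' OR is_admin = 1 --"


def make_db():
    """Constructed sample table: two ordinary users and one admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE myapp_person (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO myapp_person (name, is_admin) VALUES (?, ?)",
        [("John Smith", 0), ("Jane Jones", 0), ("root", 1)],
    )
    return conn


def lookup_vulnerable(conn, name):
    """Mirrors Person.objects.raw("... WHERE name = '%s'" % name):
    the value is spliced into the SQL text before the driver sees it."""
    sql = "SELECT name FROM myapp_person WHERE name = '%s' AND is_admin = 0" % name
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    """Mirrors Person.objects.raw("... WHERE name = %s", [name]) or
    cursor.execute(sql, (name,)): the driver binds the value, so quotes
    and comment markers inside it stay data."""
    sql = "SELECT name FROM myapp_person WHERE name = ? AND is_admin = 0"
    return [row[0] for row in conn.execute(sql, (name,))]


def demo():
    """Run both lookups against the same payload and return the rows."""
    conn = make_db()
    return {
        "honest": lookup_parameterized(conn, "Jane Jones"),
        "vulnerable": lookup_vulnerable(conn, PAYLOAD),
        "parameterized": lookup_parameterized(conn, PAYLOAD),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The vulnerable lookup returns the admin row although the query text says is_admin = 0; the parameterized lookup returns nothing, because the payload is compared as a whole string against the name column.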

Tips for Passing SANS GIAC Exams

Read the coursebook at least three times and thoroughly understand each and every concept.

Practically test, and be skilful in executing, the recommended tools and techniques with their various switches and in various scenarios. Thoroughly understand the purpose, practical usage and output of each tool and technique. There is no need to memorize switches; practical understanding is different from memorization.

Being open-book does not mean the exam is extremely theoretical. You will not literally have a lot of time to open the book and seek answers, so a thorough understanding of the coursebook is required. Roughly only around 30% of the questions might come straight from the coursebook; the rest were case studies that make you derive answers from given situations and screenshots.

Subscribe to NetWars access. It saves you the time spent troubleshooting never-tried-before tools and making things work as per the coursebook, so you absorb the material faster. From there, you can set up the tools in your wide array of VMs/test laptops. There…

Java: setCharacterEncoding NOT affected by HTTP Response Splitting

<%
    // Note: inside a Java string literal "%0d%0a" is six literal characters,
    // not a CR LF pair; the value is passed to setCharacterEncoding() as-is.
    String attacker_controlled_charset = "ISO-8859-1%0d%0aHacked-Response-Header: 1337";
    response.setCharacterEncoding(attacker_controlled_charset);
%>

Regular Expression Denial of Service - Java Demo | Practical Exploitation

https://gist.github.com/yehgdotnet/1cb57b55c40afb6d0d0cced57e921868


Output:
[INFO] Executing Regular Expression check on AAAAAAAAAA
[RESULT] String did not match
[INFO] Ended Regular Expression...
[INFO] Executing Regular Expression check on AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.COM........................................................................................................... [Deadloop]
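The output above shows the shape of the problem: a short input fails instantly, a long near-miss input never returns. The following is an added example, not the Java gist linked above, that reproduces the behaviour in Python's re module and puts the two usual fixes beside it: a pattern without nested quantifiers, and a length cap applied before matching. The pattern, the length limit and the inputs are constructed for the demo; the original post's pattern is not shown on this page.

```python
"""Added example: catastrophic backtracking on a nested quantifier, next to
the unambiguous pattern and the input-length cap that prevent it."""
import re
import time

# Evil pattern (constructed): ([...]+)+ can split a run of letters in about
# 2^n ways, and the literal suffix forces the engine to try every split
# before giving up on a near-miss input.
EVIL = re.compile(r"^([A-Za-z0-9]+)+\.COM$")

# Safe pattern: one quantifier over the same character class, so there is
# exactly one way to consume the run and a failure is found in linear time.
SAFE = re.compile(r"^[A-Za-z0-9]+\.COM$")

MAX_LEN = 64  # assumed limit for this demo; pick it from the real field's spec


def timed_match(pattern, text):
    """Return (matched, seconds) for one match attempt."""
    start = time.perf_counter()
    matched = pattern.match(text) is not None
    return matched, time.perf_counter() - start


def near_miss(n):
    """Constructed attacker input: n letters, then a suffix that fails at
    the last possible moment so every split of the letters is explored."""
    return "A" * n + ".ORG"


def compare(n):
    """Run the evil and the safe pattern on the same near-miss input."""
    text = near_miss(n)
    evil_ok, evil_t = timed_match(EVIL, text)
    safe_ok, safe_t = timed_match(SAFE, text)
    return {"n": n, "evil": (evil_ok, evil_t), "safe": (safe_ok, safe_t)}


def safe_check(text):
    """Defensive version: reject oversized input first, then use the
    pattern that cannot backtrack exponentially."""
    if len(text) > MAX_LEN:
        return False
    return SAFE.match(text) is not None


if __name__ == "__main__":
    for n in (10, 14, 18, 22):
        r = compare(n)
        print("n=%2d  evil=%8.4fs  safe=%8.6fs" % (n, r["evil"][1], r["safe"][1]))
    print("safe_check(EXAMPLE.COM):", safe_check("EXAMPLE.COM"))
    print("safe_check(200 letters):", safe_check(near_miss(200)))
```

Doubling n roughly squares the evil pattern's running time while the safe pattern stays flat; both patterns accept and reject the same strings, so the rewrite costs nothing functionally. The length cap is the second line of defence for cases where the pattern cannot be rewritten.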

Loose source checking - why referer bypass occurs

Insufficient checking is the flaw most commonly behind referer bypasses.

It happens when programmers check only for "containment" (a prefix or substring match on the raw URL string) rather than parsing the URL and comparing its host against an exact list of approved values.

Insecure:

import java.io.IOException;

public class LooseSourceCheck {
    public static void showExample(String url) {
        try {
            // Prefix match only: "http://trustedsubdomain.attacker.example" also passes
            if (url.startsWith("http://trustedsubdomain")) {
                System.out.print(String.format("Trusted subdomain: %s", url));
            } else {
                throw new IOException("Untrusted subdomain: " + url);
            }
        } catch (Exception ex) {
            // exception swallowed; the caller never learns the URL was rejected
        }
    }
}

Secure:

public class StrictSourceCheck {
    public static void showExample() {
        try {
            // Exact host allowlist instead of a prefix match
            String[] approved_hosts = {
                "trust1.yehg.net",
                "trust2.yehg.net",
                "trust3.yehg.net",
                "trust4.yehg.net"
            };
            String url = …
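The Secure class above is cut off before the comparison, so the following is an added example of the strict check, written in Python rather than the post's Java, and not the author's implementation. It keeps the loose prefix check for comparison and then parses the URL and compares the host component exactly against the allowlist. The approved hosts are the post's trust1..trust4.yehg.net; the bypass URLs are constructed for the demo.

```python
"""Added example: prefix ("containment") check versus exact host allowlist."""
from urllib.parse import urlsplit

# Allowlist from the post's StrictSourceCheck
APPROVED_HOSTS = {
    "trust1.yehg.net", "trust2.yehg.net", "trust3.yehg.net", "trust4.yehg.net",
}


def loose_check(url):
    """Same logic as LooseSourceCheck: a prefix match on the raw string."""
    return url.startswith("http://trust1.yehg.net")


def strict_check(url):
    """Parse first, require an expected scheme, then compare the host
    component exactly. urlsplit().hostname drops userinfo and port and
    lower-cases the name, so those cannot be used to smuggle a match."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed netloc, e.g. bad IPv6 bracket or port
        return False
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname
    return host is not None and host in APPROVED_HOSTS


# Constructed bypass URLs: each starts with the trusted string but points
# elsewhere.
BYPASSES = [
    "http://trust1.yehg.net.attacker.example/",  # trusted name as a subdomain label
    "http://trust1.yehg.net@attacker.example/",  # trusted name in the userinfo part
    "http://trust1.yehg.netattacker.example/",   # no dot needed for a prefix match
    "http://trust1.yehg.net.attacker.example:80/x?r=http://trust1.yehg.net",
]

# Constructed legitimate URLs, including ones the prefix check wrongly rejects
LEGIT = [
    "http://trust1.yehg.net/",
    "https://trust4.yehg.net/path",
    "http://TRUST2.yehg.net:8080/",
]


def evaluate():
    """Map each URL to (loose_result, strict_result)."""
    return {url: (loose_check(url), strict_check(url)) for url in BYPASSES + LEGIT}


if __name__ == "__main__":
    for url, (loose, strict) in evaluate().items():
        print("loose=%-5s strict=%-5s %s" % (loose, strict, url))
```

Every bypass URL passes the prefix check and fails the strict one; two of the legitimate URLs (a different approved host, and upper-case with a port) fail the prefix check but pass the strict one, which is the other cost of matching on the raw string.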