
Showing posts from March, 2018

Django Security

Django: APIs prone to SQL Injection

.extra
https://docs.djangoproject.com/en/2.0/ref/models/querysets/#django.db.models.query.QuerySet.extra

For example, this use of extra():

>>> qs.extra(
...     select={'val': "select col from sometable where othercol = %s"},
...     select_params=(someparam,),
... )

is equivalent to:

>>> qs.annotate(val=RawSQL("select col from sometable where othercol = %s", (someparam,)))

.raw
https://docs.djangoproject.com/en/dev/topics/db/sql/

>>> for p in Person.objects.raw('SELECT * FROM myapp_person'):
...     print(p)
John Smith
Jane Jones

.execute / do_sql

from django.db import connection
cursor = connection.cursor()
cursor.execute('insert into table (column) values (%s)', (dinosaur,))
cursor.close()

from handy.db import do_sql
do_sql('insert into table (column) values (%s)', (dinosaur,))

Note that the snippets above are the documentation's parameterised forms (values passed separately as params); each of these APIs becomes injectable only when untrusted input is concatenated or formatted into the SQL string itself, so that pattern is what a code review should look for.

RawSQL

Tips for Passing SANS GIAC Exams (aka GIAC Exam Review)

Read the coursebook at least 3 times. Understand each and every concept thoroughly.
Practically test, and be skilful in executing, the recommended tools and techniques in various scenarios and with various switches. Understand the purpose, practical usage and output of each tool and technique.
There's no need to memorize switches. Practical understanding is different from memorization.
Being open-book doesn't mean the exam is extremely theoretical. You won't literally have a lot of time to open the book to seek answers. A thorough understanding of the coursebook is required.
Roughly only around 30% of the questions might come straight from the coursebook. The rest were case studies that make you derive answers from given situations/screenshots.
Subscribe to NetWars access; it saves you the time spent troubleshooting never-tried-before tools and making things work as per the coursebook, so you absorb the material faster. From there, you can set up the tools in your wide array of VMs/test laptops.
There…

Java: setCharacterEncoding NOT affected by HTTP Response Splitting

<%
// CRLF sequences in the charset name do not split the response: the header is not injected
String attacker_controlled_charset = "ISO-8859-1%0d%0aHacked-Response-Header: 1337";
response.setCharacterEncoding(attacker_controlled_charset);
%>

Regular Expression Denial of Service - Java Demo | Practical Exploitation

https://gist.github.com/yehgdotnet/1cb57b55c40afb6d0d0cced57e921868

Output:
[INFO] Executing Regular Expression check on AAAAAAAAAA
[RESULT] String did not match
[INFO] Ended Regular Expression...
[INFO] Executing Regular Expression check on AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.COM........................................................................................................... [Deadloop]