Siber Güvenlik

One git command may cause you hacked ( CVE-2014-9390 Exploitation for Shell )

by

Hello

CVE-2014-9390 is one of the hilarious vulnerability I’ve ever seen. One single git  may cause you hacked! I won’t dive into the details of this vulnerability because of official announcements can be found here ( https://github.com/blog/1938-git-client-vulnerability-announced and http://article.gmane.org/gmane.linux.kernel/1853266 ) . In short, if you use case insensitive operating system like Windows or OSX you have to update your git client, do it right now! Otherwise attackers can insert their own pre hooks into your git directory.

Let’s analyze this vulnerability from penetration tester perspective.

Read more

XSS Security in Django

by
django

You know output encoding is most important thing when topic comes to XSS. Today I’ve decided to write a article about how to secure your Django application against XSS vulnerabilities. Handing XSS cases with Django is more easy than other frameworks. Your Django app is approximately secure against XSS even if you developed it without security  mind. Therefore Django is try to encode specific characters in order to prevent yourself from cross-site scripting. But Django going to be fail  under the some circumstances.

PS : If you think any part of this article needs update or changes, feel free to leave comment. 

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Read more

IBM DB2 SQL Injection Saldırıları

by
IBM DB2

Merhaba

MsSQL, MySQL veya PostgreSQL gibi alışılmış veri tabanına sistemlerini kullanan uygulamalar üzerinde sql injection saldırıları gerçekleştirmek biraz kolaydır. Çünkü hemen hemen tüm veri tabanı sistemlerinin kendi içerisinde geri dönük destek verme mekanizmaları bulunmaktadır. Örneğin MySQL 5.X ailesinde tablo isimlerini tutan yapı information_schema’dır ve farklı versiyonlara yönelik değişiklik göstermemektedir.

Read more