Recently true-caller and Tango messenger is hacked by Syrian-Electronic-Army.And large amount of Database has been stolen. Now what is common in these sites?They have word-press 3.5.1 which is vulnerable to some attack.A weakness and multiple vulnerabilities have been reported in WordPress, which can be exploited by malicious...

Backtrack has lots of tools for web-application testing. Directory traversal is one of the critical vulnerability in web-application. Previously i post about what is directory traversal & how to bypass its filter , but that process is manual, it can consume lots of time.But in bactrack automatic tools are available...

Wpscan is wordpress security scanner, which is pre-installed in backtrack 5 , but it`s outdated version, so when you tried to update it, you may  have face some problems. Here is solution which work for me.cd /pentest/webrm -rf wpscangit clone https://github.com/wpscanteam/wpscan.gitcd wpscangem install bundler &&...

Bypassing Filter to Traversal AttacksIf your initial attempts to perform a traversal attack, as described previously, are unsuccessful, this does not mean that the application is not vulnerable. Many application developers are aware of path traversal vulnerabilities and implement various kinds of input validation checks...

Path traversal vulnerabilities arise when user-controllable data is used by the application to access files and directories on the application server or other back-end file system in an unsafe way. By submitting crafted input, an attacker Exploiting Path Traversal may be able to cause arbitrary content to be read from,...

What is BRUTE-FORCE attack ?A password attack that does not attempt to decrypt any information, but continue to try different passwords. For example, a brute-force attack may have a dictionary of all words or a listing of commonly used passwords. To gain access to an account using a brute-force attack, a program tries...

w3af is a complete environment for auditing and attacking web applications. This environment provides a solid platform for web vulnerability assessments and penetration tests.Download:-The framework can be downloaded from the project main page:http://www.w3af.com/#downloadInstallation:-Some of the requirements are bundled...

Stored XSS is the most dangerous type of cross site scripting due to the fact that the user can be exploited just by visiting the web page where the vulnerability occurs.Also if that user happens to be the administrator of the website then this can lead to compromise the web application which is one of the reasons...

This list can be used by Hackers when testing for SQL injection authentication bypass.A Hacker can use it manually or through burp in order to automate the process.If you have any other suggestions please feel free to leave a comment in order to improve and expand the list.or 1=1or 1=1--or 1=1#or 1=1/*admin' --admin' #admin'/*admin'...

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration...

Today is the age of computer and internet. More and more people are creating their own websites to market their products and earn more profit from it. Having your own website will definitely help you in getting more customer purchasing your products but at the same time you can also also attract hackers to play around...