Security 썸네일형 리스트형 주요 파일 헤더 검증 방법 Signature를 정리해놓은 사이트에서 확인한다 http://filext.com/file-extension/JPEG http://www.garykessler.net/library/file_sigs.html 훌륭한 사이트들이다!! 아래는 주요 파일들의 signature # Office File PDF 25 50 44 46 2D 31 2E (ASCII: %PDF-1.) DOC D0 CF 11 E0 A1 B1 1A E1 00 PPT D0 CF 11 E0 A1 B1 1A E1 00 00 00 00 XLS D0 CF 11 E0 A1 B1 1A E1 00 DOCX PPTX XLSX 50 4B 03 04 HWP 48 57 50 20 44 6F 63 75 6D 65 6E 74 20 46 69 6C 65 20 56 (.. 더보기 SQL Injection Cheat Sheet [출처 : http://ferruh.mavituna.com/sql-injection-cheatsheet-oku] SQL Injection Cheat Sheet, Document Version 1.4 About SQL Injection Cheat SheetCurrently only for MySQL and Microsoft SQL Server, some ORACLE and some PostgreSQL. Most of samples are not correct for every single situation. Most of the real world environments may change because of parenthesis, different code bases and unexpected, stra.. 더보기 웹 어플리케이션 취약점 (OWASP TOP 10) 테스트 환경 [출처 : http://teamcrak.tistory.com/127] 원본 URL : http://www.irongeek.com/i.php?page=security/deliberately-insecure-web-applications-for-learning-web-app-security BadStore Link: http://www.badstore.net/ Platform: Perl, Apache and MySQL Damn Vulnerable Web App Link: http://www.ethicalhack3r.co.uk/damn-vulnerable-web-app/ Platform: PHP, Apache and MySQL Hacme Travel Link: http://www.foundstone.com/u.. 더보기 Advanced SQL Injection [출처 : http://www.jakartaproject.com/article/webhack/116090284801919] 1 개요... 3 1.1 SQL Query. 3 1.2 DML & DLL. 3 1.3 Metabata. 3 1.4 웹 어플리케이션... 4 1.5 일반적인 취약한 로그인 쿼리... 4 2 SQL Injection 테스트 방법론... 5 1) 입력 값 검증... 5 2) 정보 수집... 6 3) 1=1 Attacks. 8 5) OS Interaction. 12 6) OS 명령 프롬프트... 15 7) 확장된 효과... 15 3 회피 기술... 17 3.1 개요.. 17 3.2 IDS “signature” 우회... 17 3.3 입력 값 검증 우회 하기... 18 3.4 회피와 우회.... 더보기 XSS Cheating Sheet [출처 : http://ha.ckers.org/xss.html] XSS (Cross Site Scripting): XSS locator. Inject this string, and in most cases where a script is vulnerable with no special XSS vector requirements the word "XSS" will pop up. Use the URL encoding calculator below to encode the entire string. Tip: if you're in a rush and need to quickly check a page, often times injecting the depreciated "" tag will be enough .. 더보기 이전 1 2 3 다음
