whoami
Security Researcher @ Netsparker Ltd.
Developer @ Another Times
Writer @ Ethical Hacking “Offensive & Defensive” Book
Blog: omercitak.com
All Social Platform: @Om3rCitak
cross site scripting
• Reflected XSS
• DOM Based XSS
• Stored XSS
reflected cross site scripting
dom-based cross site scripting
stored cross site scripting
sql injection
• Union Based SQL Injection
• Blind SQL Injection
• Time Based SQL Injection
union based sql injection
blind sql injection
• What if errors are hidden? (error_reporting(0))
• What if the mysql_* functions are prefixed with «@» (error suppression)?
time-based sql injection
• What if a query that produces no visible output is running in the background?
– Count Query
– Update Query
– Insert Query
– Delete Query
– Relationship Query
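The two slides above make one point: hiding database errors (error_reporting(0), the «@» operator) or running queries whose result is never shown does not close the injection, it only removes the feedback, which is exactly what blind and time-based techniques work around. The fix is to keep user input out of the SQL grammar. The following is an added example, not code from the talk; it uses Python and an in-memory sqlite3 database (the talk's screenshots are PHP/MySQL) with a constructed users table, and contrasts a concatenated query whose errors are swallowed with the parameterized form, for both a SELECT that shows output and an UPDATE that does not.

```python
import sqlite3

# Constructed demo database: one users table, two rows (not from the talk).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """String concatenation: the input becomes part of the SQL statement.

    The try/except plays the role of error_reporting(0) / @mysql_query():
    the caller never sees a database error, but the statement is still
    built from raw input and still executed, so the injection is intact.
    """
    sql = "SELECT id, username FROM users WHERE username = '" + username + "'"
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error:
        return []  # error hidden, nothing fixed


def find_user_safe(conn, username):
    """Parameterized query: the driver passes the input as a value, so a quote
    inside it can never change the meaning of the statement."""
    sql = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def update_email_vulnerable(conn, user_id, new_email):
    """An UPDATE returns no rows to the page, so a successful injection here
    would be invisible to the user; that is the 'no output' case of the slide.
    Errors are again suppressed, mimicking @mysql_query()."""
    sql = (
        "UPDATE users SET email = '" + new_email + "' WHERE id = " + str(user_id)
    )
    try:
        cur = conn.execute(sql)
        conn.commit()
        return cur.rowcount
    except sqlite3.Error:
        return 0


def update_email_safe(conn, user_id, new_email):
    """Same UPDATE, parameterized. Whatever the string contains, it is stored
    as the email of exactly one row; rowcount tells us how many rows changed."""
    cur = conn.execute(
        "UPDATE users SET email = ? WHERE id = ?", (new_email, user_id)
    )
    conn.commit()
    return cur.rowcount


def email_of(conn, user_id):
    row = conn.execute("SELECT email FROM users WHERE id = ?", (user_id,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # The classic tautology, used only to show the difference between the two forms.
    tautology = "' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, tautology))  # both rows
    print("safe      :", find_user_safe(db, tautology))        # no rows
    print("safe update rows:", update_email_safe(db, 1, tautology))
    print("stored literally:", email_of(db, 1))
```

Running it shows the concatenated SELECT returning every user for the tautology while the parameterized one returns nothing, and the parameterized UPDATE storing the quote-laden string literally in a single row. The point for review is the pattern, not the payload: any place where `+`/string interpolation builds SQL from request data is the bug, regardless of what the error handling around it does.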
time-based sql injection
• MySQL Server
• Microsoft SQL Server
• Oracle Server
sql injection poc
Amnesty International (amnesty.org.tr)
where is the security?
thanks
www.omercitak.com