SQL Injection ethical hacking [closed] - sql

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
This is not a programming question but I have no idea why I did it.
Yesterday, I was going through a tutorial about ethical hacking and found a tutorial about SQL injection. It says, find an admin login.asp site and enter as follows:
Admin: Admin
Password: ' or '1'='1
I really don't know what that is or how it works. But, when I tried the same for a website, I was shocked by the result. It gave me a warning like "... your IP address ip xxx.xxx.xxx.xxx and you may be prosecuted for this action ... etc". I was really scared by the warning. I had no intention to do anything; I was just following the tutorial.
Can anyone tell me what will happen to me? I am really worried about this.

To sum up what happened:
You attempted to inject SQL through whatever method you tried.
Their website was smart enough to recognize your input.
They generated an automated threat and sent it back to your browser.
I doubt you have to be worried. Their website most likely gets these kinds of attacks quite often and the amount of money they need to spend to prosecute is pretty great and that is only IF it is considered illegal in your region.

You should send them an email where you describe that you wanted to study techniques to avoid SQL injection attacks on your side. You should apologize and I'm sure there will be no problems.

Related

How to prove that images were stolen? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
How can I prove that images were stolen from a website?
Is there any way to check since when another website has had the same images? I have no access to the server.
Thanks for any idea!
UPDATE:
No, I'm not the one who forgot the watermark. An old client of mine just found me with this question. We actually found a Google cached page which we can use, but I'm still interested in whether any other solution exists. For example, does any image format contain a date attribute?
If you're using a Unix-based operating system, you might have access to cURL. Try running
curl --remote-time --remote-name http://url-to-your-image/
and see if you get a timestamp that is different from the exact time you downloaded the file. Not all servers respond with the time, but it might be worth an attempt.
But generally, if it's your original work, then you should have a copy of the image with higher resolution and/or lower compression rate, right? That should be enough to prove which of the images is the stolen one. Intellectual property rights on the Internet are a mess, though, for several reasons. But even if you can't take legal action, you might have better luck convincing an administrator to remove the content.

Site I manage does not get good ranking in Google [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 11 years ago.
A site I just started to manage is not banned in Google because I can find the domain in the index, but it gets extremely poor ranking -- almost nowhere to be found.
Does anyone know of a good method for determining how and/or why a site gets a poor ranking in Google? The site I have has been around for a while and is very rich with content relative to "youth sports". Yet you can hardly find it in Google.
Sorry for asking this question here, but if you have ever posted anything to the Google Help and User forums you'll find you get no responses or assistance. SO is the only place I can ever get exceptional and timely help.
There is no way to tell for sure as no one knows exactly how pages are ranked. However, we do have a pretty good idea of what many of the ranking factors are so we can be sure to do them to help our chances of ranking well. This question at Pro Webmasters is a good start. So is this answer. Once you're sure you got the basics down you need to promote your website in the hopes of getting quality links to your pages. But if you don't have quality content (and what you call quality content may not be what Google and others call quantity content) you're not going to stand much of a chance of ranking well.
Did you use any dirty tricks like white text on white background to contain some false keywords etc.? Google continually discovers these tricks and penalizes them. Cheating doesn't pay off. I'm not saying this is your case, but I just want to warn against it, in general.

What happened after a successful SQL injection? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 11 years ago.
I am always interested in hacking, and I understand the concept of SQL injection and cross-site scripting. However, the thing I don't know is how to detect a possible SQL injection. I have checked some books, but I didn't get too much information. Do hackers do the detection work by hand, or do they have smarter automatic tools?
So, I'm thinking of writing a simple tool to do automatic injection check (using qwebkit). I want to capture the HTTP requests before sending them and replace some form data of the HTTP header with SQL injection commands. The program checks the HTTP response, compares it with a normal response and reports any difference.
The thing is that I have never found a SQL injection myself, so is this idea valid?
Say, if I successfully upgrade myself to administrator of certain website, the returned http response should look normal. So I shouldn't be able to automatically report that with my program?
You probably want to take a look at the SQL Injection Cheatsheet. It lists the tricks hackers will usually try to determine whether a particular input field is exploitable and then to extract data from the database.

What documentation is helpful when supporting an application? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 5 years ago.
I am going to be taking over from a developer here at work soon. Hence, I'll be supporting all the applications that he has written over the last few years.
My question is, when supporting an application that you probably don't know much about, what kind of documentation is most helpful to get a handle on how to fix problems, extend functionality, modify functionality, etc? I'm thinking it would need to give you an overview of what the software does, what interfaces it has to other software, what databases it uses, usernames, passwords, and so on.
Is there such a thing as a software support document? Referrals to any templates would be most helpful.
BTW, unfortunately, there are no requirements documents, specs, etc! So, really my question is, if my colleague had a day to write a single document for each application so that I could (more easily) support it, what would that document be and/or what would it look like?
I would ask for primarily some sort of flow chart/schema of the way the app functions.
I would want to be able to know how each file interacts with other files (and the database). So this way, you'd know where to start to fix a bug or add a new feature, etc.
So to do a quick, text mockup of it:
Index.php -> Login.php -> Dashboard.php
Index.php:
Has login box. Submits login info to login.php
Login.php:
Verifies data with database entries, shows error on fail or sends to Dashboard.php
Dashboard.php:
Once logged in this acts as a main menu
Something along these lines? For basic documentation I'd think this is the way to go.
Hope this helps. Good luck!

Is a captcha enough to enforce multiple failed login attempts? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
Before I go crazy and try to script a way to lock folks out of their accounts on multiple failed attempts, is a captcha ideal? I've seen several sites that do this, but wasn't sure how effective it would be. Granted, if a human is indeed trying to "hack" into someone else's account, I would think blocking access for a few minutes would be much better than having them input some random obscure characters.
CAPTCHAs are a common solution. They're rarely ideal.
One suggestion: Offer x chances (say 3) at which point you lock the account and then require some sort of email validation to unlock.
Otherwise, I think giving 1 or 2 freebie chances is fine and then switching over to a CAPTCHA'd login is acceptable.
If you aren't having spambot problems, CAPTCHAs are rarely a good solution. They are just annoying. I agree with DA's email verification idea.
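
The policy suggested in the answers above (a couple of free attempts, then a CAPTCHA, then a lock that only e-mail validation clears), sketched as an added example that is not part of the original posts. Combining the two suggestions into one flow, the class and method names, and the thresholds of 2 and 3 are assumptions; sending the e-mail and checking the CAPTCHA are left to the caller.

```python
import hmac
import secrets

class LoginThrottle:
    """Per-account failed-login policy: CAPTCHA first, then lock until e-mail unlock."""

    def __init__(self, captcha_after=2, lock_after=3):
        self.captcha_after = captcha_after  # free attempts before a CAPTCHA is required
        self.lock_after = lock_after        # consecutive failures before the account locks
        self.failures = {}                  # account -> consecutive failed attempts
        self.unlock_tokens = {}             # account -> token e-mailed to the owner

    def requirement(self, account):
        """What the login form must demand before the password is even checked."""
        if account in self.unlock_tokens:
            return "locked"
        if self.failures.get(account, 0) >= self.captcha_after:
            return "captcha"
        return "password"

    def record(self, account, password_ok, captcha_ok=False):
        """Record one attempt; returns (logged_in, token_to_email_or_None)."""
        state = self.requirement(account)
        if state == "locked":
            return False, None  # even the right password is refused while locked
        if password_ok and (state == "password" or captcha_ok):
            self.failures.pop(account, None)
            return True, None
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        if count >= self.lock_after:
            token = secrets.token_urlsafe(32)
            self.unlock_tokens[account] = token
            return False, token  # caller e-mails this to the account owner
        return False, None

    def unlock(self, account, token):
        """E-mail validation step: only the matching token clears the lock."""
        expected = self.unlock_tokens.get(account)
        if expected is None or not hmac.compare_digest(expected.encode(), token.encode()):
            return False
        del self.unlock_tokens[account]
        self.failures.pop(account, None)
        return True
```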