Tagged: web app

How to Detect WebShell on PHP Web Server

View the access log See if there’s a file upload (POST method): IPREMOVED – – [01/Mar/2013:06:16:48 -0600] “POST/uploads/monthly_10_2012/view.php HTTP/1.1” 200 36 “-” “Mozilla/5.0” IPREMOVED – – [01/Mar/2013:06:12:58 -0600] “POST/public/style_images/master/profile/blog.php HTTP/1.1” 200 36 “-” “Mozilla/5.0″...

Penetration Testing in the Real World

A penetration test (pentest for short) is a method of attacking a computer’s systems in the hope of finding weaknesses in its security. If the pentest successfully gains access, it shows that computer functionality...

Sql injection Attacks & Defense

SQL injection is through the SQL command into the Web form submit or enter the domain name query string or page request, and ultimately to deceive the server to execute malicious SQL commands. Specifically,...