Simple SQL Injection testing

In this post I will write my own simple penetration testing, trying to exploit Phrogress with simple common SQL Injection vurnerability. To simplify and automate the testing process, we are going to use tools sqlmap

We are going to test Project Details page. To access the page, we need to be authenticated first, so we need to give cookie header to the sqlmap.

adam@redframe:~$ sqlmap -u "http://0.0.0.0:3000/projects/3*" --headers="cookie: _phrogress_session=ZGpOTUQ5aEFic243ZGxsR1Q2QmsrNzYzbWJlWXZJQjN0ZnBuN0NtYWVaNVV1bzAwS2c1bENQbTlVRHNhdnNEQndqYUg5UkZmdWhqcEJyNWU1clhKem56cHVNeU1XbzdEZVZZc3pCNFE0L2txem8rd2dNdnRNWi8vcmtUMVF5N01JWklnQnBEYjlxVDZYWlRSc2QzbDZLOGhObVFtTHZvZWJGcWx5OGs0bU5HV08xalFyWVBHbzlxeWtLVS9Fc2Fad3A2Y0ViM3VVQ0l0V2NBUEZvV1RqNDVwcmx6dWJ0Q3lmQ1VaS3c0SUlVWm5xZEtFdTU4UUFwNUFPK2gxb3FpTDUxSXNUMjhaSkwvbzZEd0Y2SWRHZXV0d2k4eno2VUM1aXNzTlZueTl3TGF5WWdYZTAyUzk5dHl0aDdnNHd6eElZZXhDcTdlS2ZSa0VRdXNqSGUyUzRhK3BWcmtWaStZcHNkb2UxcGxXYi9qRTl3Q1pBeUtCWVZhTFBmVnU0RGxEMkdvTmtuckNrQUNHUHNUMDlHb0JjTU5qeXorYmZyME1YTnc2dWk0RHRFZVlrUzA3dUhjVkhKQUtETE5ZbFNyci0tR0FYcndKMGVOWlhBaEg1MjhsU3o2Zz09--4341b6586c94c6d60e93abd70df968f889316650"

Continue reading “Simple SQL Injection testing”

ES6 – Compared with current Javascript

The current Javascript standard that is mostly supported are the 5th Edition (or ES5). In 2015, the 6th edition (ES6) is officially finalized, and ES7 is officially finalized in 2016. But, the browser support for ES5 is still incomplete, thus developers should not write their current javascript in ES5 standard. So, developers dreaming to write their code in ES6 (or ES7) should use a transpiler (e.g. Babel) to transpile their code into ES5 code.

ES6 brings many many cool features, which is highly useful for developers in writing their code more cleanly. In this post, it will be mentioned some really useful features added to ES6 which is not there in ES5. Continue reading “ES6 – Compared with current Javascript”