-
When we install a new application, or when an old password is still in use in the new application, the application might be vulnerable. The way to prevent this situation is to delete the features, components, documentation and samples that are not used frequently.
-
This is a type of vulnerability in web application security. It happens when security settings and configurations are not properly set or maintained, leaving the system open to attack.
-
This concerns the use of components in a system, for example libraries and frameworks. It can happen when systems are built using components that are no longer maintained or supported.
-
Remove unused dependencies, unnecessary features, components, files and documentation. Only obtain components from official sources over secure links.
-
It happens when an attacker tries to inject code into the system. This allows the attacker to gain access to information and data.
-
Common injection types include SQL and OS command injection. The way to prevent it is to use structured SQL, such as table names, column names and so on.
-
Investing in the stock market can be very profitable. Especially if you can see into the future. This is a story of how a group of traders and hackers got together to figure out a way to see into the future and make a lot of money from that.
-
Stock market traders aim to predict the future. If they can buy a stock that goes up in value, they will make money. But they could lose a lot of money at the same time.
-
He spent months creating a huge number of SQL injections, and he got them working.
-
The SEC is an independent U.S. government agency responsible for protecting investors, maintaining fair and orderly functioning of the securities markets, and facilitating capital formation.
-
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.
-
This vulnerability has already been reported and addressed. The remote code execution vulnerability was due to the usage of an outdated third-party dependency, Apache Santuario.
This task basically used SQL. I have studied a SQL course from the second semester; this is not that difficult for me. :)
- Introducing the world table of countries
SELECT population FROM world WHERE name = 'Germany'
- Scandinavia
SELECT name, population FROM world WHERE name IN ('Sweden', 'Norway','Denmark')
- Just the right size
SELECT name, area FROM world WHERE area BETWEEN 200000 AND 250000
-
Introduction
SELECT name, continent, population FROM world
-
Large Countries
SELECT name FROM world WHERE population >= 200000000
-
Per capita GDP
SELECT name, (gdp/population) as PerCapitaGDP FROM world WHERE population >= 200000000;
-
South America In millions
SELECT name, (population/1000000) FROM world WHERE continent = 'South America'
-
France, Germany, Italy
SELECT name, population FROM world WHERE name IN ('France', 'Germany', 'Italy')
-
What is SQL
-
Data Manipulation Language (DML)
UPDATE Employees SET department='Sales' WHERE first_name ='Tobi' and last_name = 'Barnett'
-
Data Definition Language (DDL)
ALTER TABLE employees ADD phone varchar(20)
-
Data Control Language (DCL)
GRANT ALTER TABLE TO UnauthorizedUser
-
String SQL injection
SELECT * FROM user_data WHERE first_name ='John' AND last_name = 'Smith' or '1'='1'
-
Numeric SQL injection
SELECT * FROM user_data WHERE Login_Count = 2 AND userid =2 or '2'='2'
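The two injected queries above, reproduced next to their parameterized forms. This is an added example, not part of the original notes; it assumes Python's built-in sqlite3 module, and the function names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory user_data table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_data (userid INTEGER, first_name TEXT, "
               "last_name TEXT, login_count INTEGER)")
    db.executemany("INSERT INTO user_data VALUES (?, ?, ?, ?)",
                   [(1, "John", "Smith", 2), (2, "Jane", "Plane", 2),
                    (3, "Tobi", "Barnett", 5)])
    return db

def by_name_concat(db, first, last):
    # Vulnerable: input is pasted into the SQL text, so a quote in `last`
    # ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT * FROM user_data WHERE first_name = '" + first +
           "' AND last_name = '" + last + "'")
    return db.execute(sql).fetchall()

def by_name_bound(db, first, last):
    # Hardened: placeholders pass the values separately from the SQL text,
    # so the whole input is compared as one literal string.
    sql = "SELECT * FROM user_data WHERE first_name = ? AND last_name = ?"
    return db.execute(sql, (first, last)).fetchall()

def by_id_concat(db, count, userid):
    # Vulnerable numeric case: no quote is needed to change the query.
    sql = ("SELECT * FROM user_data WHERE login_count = " + count +
           " AND userid = " + userid)
    return db.execute(sql).fetchall()

def by_id_bound(db, count, userid):
    # Hardened: int() rejects non-numeric input (ValueError), then bind.
    sql = "SELECT * FROM user_data WHERE login_count = ? AND userid = ?"
    return db.execute(sql, (int(count), int(userid))).fetchall()

if __name__ == "__main__":
    db = make_db()
    string_input = "Smith' or '1'='1"   # input from the string lesson
    numeric_input = "2 or '2'='2'"      # input from the numeric lesson
    print("concat, string :", len(by_name_concat(db, "John", string_input)))
    print("bound,  string :", len(by_name_bound(db, "John", string_input)))
    print("concat, numeric:", len(by_id_concat(db, "2", numeric_input)))
    try:
        by_id_bound(db, "2", numeric_input)
    except ValueError as exc:
        print("bound,  numeric: rejected,", exc)
```

Because AND binds tighter than OR, the trailing always-true comparison makes the concatenated queries match every row, while the bound versions return nothing or reject the input.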
-
Compromising confidentiality with String SQL injection
-
Compromising Integrity with Query chaining
-
Compromising Availability
DROP TABLE access_log
For questions 7 to 9, I can't find the solution to resolve them, but I am still trying to do them. :)
-
Find the country that start with Y
SELECT name FROM world WHERE name LIKE 'Y%'
-
Find the countries that end with y
SELECT name FROM world WHERE name LIKE '%y'
-
Find the countries that contain the letter x
SELECT name FROM world WHERE name LIKE '%X%'
-
Find the countries that end with land
SELECT name FROM world WHERE name LIKE '%land'
-
Find the countries that start with C and end with ia
SELECT name FROM world WHERE name LIKE 'C%ia'
-
Find the country that has oo in the name
SELECT name FROM world WHERE name LIKE '%oo%'
-
Find the countries that have three or more a in the name
SELECT name FROM world WHERE name LIKE '%a%a%a%'
-
Find the countries that have "t" as the second character.
SELECT name FROM world WHERE name LIKE '_t%' ORDER BY name
-
Find the countries that have two "o" characters separated by two others.
SELECT name FROM world WHERE name LIKE '%o__o%'
-
Find the countries that have exactly four characters.
SELECT name FROM world WHERE name LIKE '____'