Comments out rest of the query. Line comments are generally useful for ignoring rest of the query so you don’t have to deal with fixing the syntax. -- (SM) DROP sampletable;-- # (M) DROP sampletable;# Line Comments Sample SQL Injection Attacks Username: admin'-- SELECT * FROM members WHERE username =…

Kali Linux is a very popular penetration testing platform that provides a variety of security auditing tools used by security specialists and hackers in day-to-day encounters. Tools available on Kali Linux enable the user to gather information, perform exploits, and prevent their devices from being exploited. Installing Kali Linux For beginners, it may…

Crawl all URLs and check for subdomain takeover vulnerability. —

Reconnaissance is one of the first steps to conduct within a pen test engagement. During this stage, information is gathered using different tools and sources. Some web applications may hide web resources from the public, there is however a way to discover the hidden content. This hidden content can contain…

This list contains a variety of vulnerable websites, vulnerable web apps, battlegrounds and wargames communities. And before you ask, no, there isn’t a particular order to this vulnerable website list in terms of importance or which resources would be considered the “best.” Frankly, I’m not a hacker myself, so I’m…

What is Nmap? Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to…

7 Steps and Phases of Penetration Testing Our internal pentest checklist includes the following 7 phases of penetration testing: Information Gathering Reconnaissance Discovery and Scanning Vulnerability Assessment Exploitation Final Analysis and Review Utilize the Testing Results 1. Information Gathering The first of the seven stages of penetration testing is information gathering. …

XSS Core Idea: Does the page functionality display something to the users? For time sensitive testing the 80/20 rule applies. Many testers use Polyglot payloads. You probably have too! *Multi-context, filter bypass based polyglot payload #1 (Rsnake XSS Cheat Sheet) ';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>