Tag Archives: web crawlers

Blocking Shodan

Posted on by

One of the most popular services to shine light on and enumerate the darkest corners of the Internet is Shodan. It’s a portal-driven service through which subscribers can query its vast database of IP addresses, online applications and service banners that populate the Internet. Behind the scenes, Shodan’s multiple servers continually scan the Internet, enumerating and probing every device they encounter and recording the latest findings.

Source: Blocking Shodan

On one hand, you might empathize with many organizations on the receiving end of a Shodan scan. Their Internet-accessible systems are constantly probed, their services are enumerated, and every embarrassing misconfiguration or unpatched service is catalogued and could be used against them by evil hackers, researchers and journalists.

The History of SQL Injection, the Hack That Will Never Go Away

Posted on by

“When you go to a webpage, and you make a request, that parses part of the data in the request back to a server,” Hunt said. “For example, you read a news article, and the news article, in the address bar it has, “id=1”, and that gives you news article number 1, and then you get another one with ID 2.”

But, “with a SQLi attack, an attacker changes that ID in the address bar to something that forces the database to do something it’s not meant to do,” Hunt said, such as returning a piece of private data.

Source: The History of SQL Injection, the Hack That Will Never Go Away | Motherboard

Another commonly used piece of software is sqlmap. “It crawls the pages on the website, similar to how a search engine crawler might, looks for input forms on the website, and submits the forms with inputs that might cause a MySQL syntax error,” Al-Bassam added.