Solved

Noob question:this site is sql vulns?

Posted on 2016-11-07
2
98 Views
Last Modified: 2016-11-11
Site name:  livehosting.ro
Noob question:this site is sql vulns?
what to do?any tutorial?


untitled.JPG
0
Comment
Question by:john lambert
2 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 41877265
Based on the showing, this is a vulnerability called BREACH. It is discovered that by observing the length of compressed HTTPS responses, an attacker may be able to derive plaintext secrets from the ciphertext of an HTTPS stream.

See more in  http://breachattack.com/ for the background and importantly this on the mitigation as currently there is no practical solution to this problem
The mitigations are ordered by effectiveness (not by their practicality - as this may differ from one application to another).

Disabling HTTP compression
Separating secrets from user input
Randomizing secrets per request
Masking secrets (effectively randomizing by XORing with a random secret per request)
Protecting vulnerable pages with CSRF
Length hiding (by adding random number of bytes to the responses)
Rate-limiting the requests
1
 

Author Closing Comment

by:john lambert
ID: 41883461
thank you.....
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SQL Insert parts by customer 12 33
SQL View nearest date 5 36
sqlserver get datetime field and create a string 5 18
SQL Function NOT ROUND 9 10
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question