Noob question: this site is sql vulns?

Posted on 2016-11-07
Last Modified: 2016-11-11
Site name: livehosting.ro
Noob question: this site is sql vulns?
What to do? Any tutorial?


untitled.JPG
Question by:john lambert
2 Comments
Accepted Solution

by:
btan earned 2000 total points
ID: 41877265
Based on the showing, this is a vulnerability called BREACH. It is discovered that by observing the length of compressed HTTPS responses, an attacker may be able to derive plaintext secrets from the ciphertext of an HTTPS stream.

See more at http://breachattack.com/ for the background and, importantly, this on the mitigation, as currently there is no practical solution to this problem.
The mitigations are ordered by effectiveness (not by their practicality - as this may differ from one application to another).

Disabling HTTP compression
Separating secrets from user input
Randomizing secrets per request
Masking secrets (effectively randomizing by XORing with a random secret per request)
Protecting vulnerable pages with CSRF
Length hiding (by adding random number of bytes to the responses)
Rate-limiting the requests
1
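Added example, not part of the answer above or of the BREACH site's own material: a sketch of the "masking secrets" mitigation from the list, applied to a CSRF token so the bytes placed in each compressed response differ even though the session secret stays the same. The function names and the 32-byte secret length are assumptions made for this illustration.

```python
import base64
import hmac
import secrets
from typing import Optional

TOKEN_BYTES = 32  # assumed secret length for this example


def new_secret() -> bytes:
    """Per-session CSRF secret; kept server-side, never sent in the clear."""
    return secrets.token_bytes(TOKEN_BYTES)


def mask(secret: bytes) -> str:
    """Return base64url(pad || secret XOR pad) using a fresh random pad.

    Call this once per response, so the token embedded in the page body
    never repeats across requests.
    """
    pad = secrets.token_bytes(len(secret))
    masked = bytes(s ^ p for s, p in zip(secret, pad))
    return base64.urlsafe_b64encode(pad + masked).decode("ascii")


def unmask(token: str) -> Optional[bytes]:
    """Recover the secret from a masked token; None if it is malformed."""
    try:
        raw = base64.urlsafe_b64decode(token.encode("ascii"))
    except ValueError:  # covers bad base64 and non-ASCII input
        return None
    if len(raw) != 2 * TOKEN_BYTES:
        return None
    pad, masked = raw[:TOKEN_BYTES], raw[TOKEN_BYTES:]
    return bytes(m ^ p for m, p in zip(masked, pad))


def verify(session_secret: bytes, submitted: str) -> bool:
    """Constant-time check of a submitted token against the session secret."""
    candidate = unmask(submitted)
    if candidate is None:
        return False
    return hmac.compare_digest(candidate, session_secret)
```

Masking only protects the secret it is applied to; other secrets reflected in compressed responses need the same treatment or one of the other listed mitigations.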
 

Author Closing Comment

by:john lambert
ID: 41883461
thank you.....