Solved

Noob question:this site is sql vulns?

Posted on 2016-11-07
2
81 Views
Last Modified: 2016-11-11
Site name:  livehosting.ro
Noob question:this site is sql vulns?
what to do?any tutorial?


untitled.JPG
0
Comment
Question by:john lambert
2 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 41877265
Based on the showing, this is a vulnerability called BREACH. It is discovered that by observing the length of compressed HTTPS responses, an attacker may be able to derive plaintext secrets from the ciphertext of an HTTPS stream.

See more in  http://breachattack.com/ for the background and importantly this on the mitigation as currently there is no practical solution to this problem
The mitigations are ordered by effectiveness (not by their practicality - as this may differ from one application to another).

Disabling HTTP compression
Separating secrets from user input
Randomizing secrets per request
Masking secrets (effectively randomizing by XORing with a random secret per request)
Protecting vulnerable pages with CSRF
Length hiding (by adding random number of bytes to the responses)
Rate-limiting the requests
1
 

Author Closing Comment

by:john lambert
ID: 41883461
thank you.....
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
This article shows gives you an overview on SQL Server 2016 row level security. You will also get to know the usages of row-level-security and how it works
Via a live example, show how to extract information from SQL Server on Database, Connection and Server properties
Viewers will learn how to use the INSERT statement to insert data into their tables. It will also introduce the NULL statement, to show them what happens when no value is giving for any given column.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now