Hello Readers, we have good news for all of you. The good news is: "This winter ClubHack goes international :). Meet us in the MIDDLE EAST in December 2013. http://clubhack.com/2013gcc

Details to follow soon. If you have any questions, just drop your comments on http://www.clubhack.com/clubhack-goes-international/ and we'll update the post with more answers."

Coming back to the April issue. This issue covers Exploiting multiple vulnerabilities in ChillCMS in Tech Gyan, FatCat v2 SQL injector in Tool Gyan, Understanding Governance in GRC Gyan, Indian Evidence Act and Digital Evidence in Legal Gyan and WordPress Security in Mom's Guide. We hope you are enjoying reading the magazine. Don't forget to send your feedback, suggestions and articles to [email protected]


0x00 Tech Gyan

"If it ain't broke, don't fix it" is a widespread phrase. Web developers usually build applications on this criterion and often forget about security. This article discusses one such security issue, often neglected by developers.

When creating protected parts of a web application, developers check whether the user is actually authorized to access them. If the user is authorized, all is fine and access is granted. If the user is not authorized, a simple redirect is used to send the user to a different section or page, such as a login page.
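The check-then-redirect pattern described above, written as an added example (not code from the article or from ChillCMS): a guard that returns the redirect response immediately, so that the protected view body never executes for an unauthorized request. The session layout, the `/login` URL and the audit list are constructed assumptions for the demonstration.

```python
"""Authorization guard that redirects unauthorized users to a login page.

Minimal WSGI-style handler: the guard RETURNS the 302 response at once, so the
protected code below it is never reached. Sessions, roles and URLs are assumed.
"""
from dataclasses import dataclass, field

LOGIN_URL = "/login"   # assumption: where unauthorized users are sent
AUDIT = []             # constructed: records which protected views actually ran


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def is_authorized(session: dict, required_role: str) -> bool:
    """True only if the session is authenticated and carries the required role."""
    return session.get("user") is not None and required_role in session.get("roles", ())


def require_role(required_role: str):
    """Decorator: on failure return the redirect immediately and skip the view."""
    def decorator(view):
        def guarded(session, *args, **kwargs):
            if not is_authorized(session, required_role):
                # Returning here is what stops the protected logic from running;
                # emitting a redirect header and then falling through would not.
                return Response(302, {"Location": LOGIN_URL})
            return view(session, *args, **kwargs)
        return guarded
    return decorator


@require_role("admin")
def admin_panel(session: dict) -> Response:
    """Protected view: only reached when the guard above passed."""
    AUDIT.append(("admin_panel", session["user"]))
    return Response(200, {"Content-Type": "text/plain"},
                    f"admin panel for {session['user']}")


if __name__ == "__main__":
    print(admin_panel({"user": "alice", "roles": ("admin",)}))  # 200
    print(admin_panel({"user": "bob", "roles": ("editor",)}))   # 302 to /login
    print(admin_panel({}))                                        # 302 to /login
    print(AUDIT)                                                  # only alice's visit
```

The design point is that the guard's failure branch ends the request by returning; an unauthorized session gets a 302 and nothing in the view body, including the audit entry, is produced.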

0x02 Tool Gyan

Fatcat is an open source web application pen-testing tool, freely available for download. Fatcat SQL injector was developed to reduce the steps involved in exploiting a SQL injection vulnerability and to exploit such vulnerabilities thoroughly.

0x04 Mom's Guide

You must have heard the name WordPress, as it has become a popular term across the social media world. I am not going deep into explaining what WordPress is, but here is a short introduction: it is a free and open source advanced blogging platform and content management system (CMS), developed using the widely used server-side scripting language PHP and the MySQL database. In the past it was just a blogging platform available on Wordpress.com; it then became available as open source software at wordpress.org for creating websites and blogs.

0x05 Code Gyan

Filtering plays a very important role when you are thinking about securing your application against malicious attacks. Security is a very important aspect of developing a web application. There are several kinds of attacks that could be used to break into your web application, and what the attacker gains varies with the kind of attack. Suppose your application has a SQL injection vulnerability: using it, an attacker can do many things, the simplest being to obtain information about the users registered in your web application. And once an attacker has information about your users, he can do a lot more. However, we are not going to discuss that in detail here.
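To make the filtering point concrete, here is an added example (not from the article): a user lookup written three ways against a constructed in-memory SQLite table. The concatenated query lets the input become part of the SQL text, so a crafted value returns every user, which is exactly the "information about registered users" leak described above; binding the value as a parameter keeps it a literal, and an allow-list check on the username format rejects malformed input before it reaches the database at all. The table contents and the username pattern are assumptions.

```python
"""Input filtering and parameterized queries for a user lookup (sqlite3).

Sample table is constructed for the example; the username allow-list pattern
is an assumption about what this application considers a valid name.
"""
import re
import sqlite3

# Allow-list: letters, digits, underscore, 3-32 characters (assumed policy).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")


def make_db() -> sqlite3.Connection:
    """Constructed sample data, not real users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def is_valid_username(name: str) -> bool:
    """Allow-list filter: anything outside the pattern is rejected outright."""
    return USERNAME_RE.fullmatch(name) is not None


def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable form: the input is spliced into the SQL text itself."""
    sql = "SELECT username, email FROM users WHERE username = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_param(conn: sqlite3.Connection, name: str) -> list:
    """Parameter binding: the driver passes the value separately from the SQL,
    so whatever the string contains is compared as a literal, never parsed."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (name,)
    ).fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened form: filter first, then bind. Both layers are cheap."""
    if not is_valid_username(name):
        return []
    return find_user_param(conn, name)


if __name__ == "__main__":
    db = make_db()
    hostile = "' OR '1'='1"   # constructed input that breaks the concatenated query
    print(find_user_unsafe(db, hostile))   # every row
    print(find_user_param(db, hostile))    # []
    print(find_user_safe(db, hostile))     # [] (rejected by the filter)
    print(find_user_safe(db, "alice"))     # [('alice', 'alice@example.com')]
```

Parameter binding is the control that actually removes the injection; the allow-list is a second layer that also catches inputs which are merely malformed, and it gives you a cheap place to log rejected requests.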

0x01 Legal Gyan

The Indian Evidence Act, 1872 contains the set of rules and regulations regarding the admissibility of evidence in Indian courts of law. The Indian Evidence Act was passed by the British Parliament in 1872, setting up a path-breaking judicial measure by changing the traditional legal systems of different social groups and communities. Since then, amendments have been made to the Indian Evidence Act from time to time to keep it compatible with changing times.

Matriux Vibhag

The information gathering steps of footprinting and scanning are of utmost importance. Good information gathering can make the difference between a successful penetration test and one that has failed to provide maximum benefit to the client. We can say that information is a weapon: a successful penetration test, like any hacking process, needs a lot of relevant information. That is why information gathering, also called footprinting, is the first step of hacking.

Special Feature

IT security is more important for businesses than ever.

A study carried out by the Ponemon Institute has revealed that businesses lacking in IT security could be losing over £200,000. The study, entitled "Impact of Cybercrime on Businesses", surveyed 2,618 C-level IT security and executive personnel with the aim of finding out what they all have in common. The survey spanned the United States, United Kingdom, Hong Kong, Brazil and Germany. It found that in Germany cyber-attacks cost businesses more than anywhere else, the average cost being around $298,359. The average cost of a successfully carried out cyber-attack on a company in the United States is $276,671.

GRC Gyan

Governance is the system by which an organization is directed and controlled. It consists of a set of responsibilities that give strategic guidance to management to run the organization smoothly. Its core principles are driven by maintaining the organization's vision, shareholder and stakeholder confidence, business values, adherence to compliance, proper risk mitigation and resource utilization. The Board of Directors is the legal representative of governance for an organization. All decisions are made by the members of the "Board", typically comprising Directors, a management representative (the CEO), major shareholders and other stakeholders.