About amolnaik4

Basic Information

Biography:
Full-Time Security Consultant, Part-Time Vulnerability Researcher
Location:
webr00t

Statistics


Total Posts
277
Posts Per Day
0.12
General Information
Last Activity
10-19-2015 03:34 PM
Join Date
07-06-2011
Referrals
5

11 Friends

  1. ajaysinghnegi (Garage Member)
  2. allowmymail@gmail.com (Garage Newcomer)
  3. anandtiwarics (Garage Newcomer)
  4. babloo (Garage Newcomer)
  5. h3xc0deR (Garage Newcomer)
  6. push (Garage Newcomer)
  7. r007k17-w (Garage Newcomer)
  8. Sid@0x90 (Garage Newcomer)
  9. tush2050 (Garage Newcomer)
  10. war_crack (Garage Newcomer)

Showing Friends 1 to 10 of 11

Recent Entries

7 Reasons Why You Should Invest in Browser Fuzzing

by amolnaik4 on 08-13-2014 at 10:31 AM


Fuzzing is the process of providing invalid, unexpected input to an application and monitoring for crashes. The process can be automated or semi-automated. Fuzzing reveals security bugs which might be missed during code audits.

Fuzzing is a black-box approach which does not need any source code. After identifying input methods, one can send invalid, random inputs and look for a testcase which crashes the application.

I was involved


Updated 08-13-2014 at 04:24 PM by amolnaik4

Categories
Uncategorized

SQL Injection Via XSS

by amolnaik4 on 02-07-2012 at 12:19 AM
One of the G4H members, mandi, from Garage4hackers Forums - Home (my second home) asked a few days ago about the xsssqli attack. He had a scenario where the main site has a cross-site scripting vulnerability and the admin panel has SQL injection. The page with SQL injection in the admin panel is only accessible to the admin. The question was: is it possible to use XSS on the main site to exploit SQL injection on the admin panel to get the admin account pwned?

Here is my answer with the following scenario:


Updated 02-14-2012 at 01:05 PM by amolnaik4

Categories
Uncategorized

SQL Injection in INSERT Query

by amolnaik4 on 02-03-2012 at 09:53 AM
SQL injection is one of the most exploited issues in web application security and has had a place in the OWASP Top 10 since 2004. There are many blog posts and papers available on SELECT query injection exploiting WHERE or HAVING clauses. Today I'm going to discuss SQL injection in an INSERT query.

Here is a PDF of the same.
SQL Injection in INSERT Query.pdf

Any suggestions or comments are welcome.

Cheers,
AMol NAik

Updated 02-03-2012 at 10:10 AM by amolnaik4

Categories
Uncategorized

ClubHack 2011 preCON CTF walkthrough

by amolnaik4 on 12-21-2011 at 11:02 AM
This paper is based on the steps I executed to win ClubHack 2011 preCON CTF challenge.

Hope you will like it.

ClubHack 2011, India's hacker conference, was held on 3-4 Feb 2011 at Pune, India. They had a pre-conference hacking competition, called WEBWAR, whose winners could win a free entry to the ClubHack event. The winners also qualified to play Treasure Hunt, a physical CTF at the ClubHack conference.

This post is a walkthrough for this preCON CTF challenge.


Updated 12-22-2011 at 09:35 AM by amolnaik4

Categories
Uncategorized