by George Sruthin | Jan 26, 2015 | Howtos, OS, Servers, VMware Esxi
How to add custom drivers to a VMware ESXi ISO image
Hi friends, I once tried to install VMware ESXi on my old PC, but it failed because of the absence of a network driver in it, so I had to customise the ESXi image and add the driver to it.
For this you will need ESXi-Customizer.
Download from this link
I used this driver: vmware-bootbank-net-r8168.vib
Run ESXi-Customizer-v2.7.2 as Admin
This will extract to a folder; open it and run “ESXi-Customizer.cmd” as Admin
Browse VMware.iso
Browse Destination
Browse Driver
Browse VMware.iso
Run
Enjoy
by Rishi Giri | Jan 1, 2015 | Programming
JavaScript (server-side) injection vulnerabilities are not limited. NoSQL database engines that process JavaScript containing user-specified parameters can also be vulnerable. For example, MongoDB supports the use of JavaScript functions for query specifications, among other things. Since MongoDB databases do not have strictly defined database schemas, using JavaScript for query syntax allows developers to write complex queries against disparate document structures. For example, suppose we have a MongoDB collection that contains some documents representing books, some documents representing movies, and some documents representing music albums. This JavaScript query function will select all the documents in the specified collection that were either written, filmed, or recorded in the specified time:
function()
{
    // input_value stands for the user-supplied search value
    var search_time = input_value;
    return this.publishingTime == search_time ||
           this.filmingTime == search_time ||
           this.recordingTime == search_time;
}
If the application developer were building this application in PHP (for example), the source code might look like this:
// Deliberately vulnerable: the request parameter is concatenated
// straight into the JavaScript source passed to $where.
$query = 'function()
{
    var search_time = \'' .
    $_GET['year'] . '\';' .
    'return this.publishingTime == search_time || ' .
    'this.filmingTime == search_time || ' .
    'this.recordingTime == search_time;}';
$cursor = $collection->find(array('$where' => $query));
This code uses the value of the request parameter “year” as the search parameter. However, just as in a traditional SQL injection attack, since the query syntax is being constructed in an ad-hoc fashion (i.e. query syntax concatenated along with user input), this code is vulnerable to a server-side JavaScript injection attack. For example, this request would be an effective DoS attack against the system:
http://server/app.php?year=1995';while(1);var%20foo='bar
Credits: SQL Injection Attacks and Defense.
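The concatenated $where string from the post beside a hardened form, as an added example that is not part of the original post or the book it credits. The function names and sample documents are constructed for illustration, and the code assumes the three time fields store the year as a number.

```javascript
// Field names come from the post; everything else here is illustrative.
const FIELDS = ['publishingTime', 'filmingTime', 'recordingTime'];

// Mirrors the PHP above: user input becomes part of the JavaScript source.
function buildWhereUnsafe(input) {
  return "function() { var search_time = '" + input + "';" +
    'return ' + FIELDS.map(f => 'this.' + f + ' == search_time').join(' || ') + ';}';
}

// Hardened form: validate the parameter, then pass it as data in a
// structured filter. There is no $where, so the server runs no JavaScript.
// Non-string values (arrays or objects produced by a query-string parser)
// are rejected before the pattern check.
function buildQuerySafe(input) {
  if (typeof input !== 'string' || !/^\d{4}$/.test(input)) {
    throw new TypeError('year must be exactly four digits');
  }
  const year = Number(input); // assumption: documents store the year as a number
  return { $or: FIELDS.map(f => ({ [f]: year })) };
}

// Minimal local evaluator for the { $or: [{ field: value }, ...] } shape,
// used only to show what the filter selects without a database.
function matches(doc, filter) {
  return filter.$or.some(c => Object.entries(c).every(([k, v]) => doc[k] === v));
}

const docs = [ // constructed sample documents
  { title: 'Book A', publishingTime: 1995 },
  { title: 'Movie B', filmingTime: 1995 },
  { title: 'Album C', recordingTime: 2001 },
];

function selectTitles(input) {
  const filter = buildQuerySafe(input);
  return docs.filter(d => matches(d, filter)).map(d => d.title);
}

function isRejected(input) {
  try { buildQuerySafe(input); return false; } catch (e) { return e instanceof TypeError; }
}

const payload = "1995';while(1);var foo='bar"; // the value from the request above
console.log(buildWhereUnsafe(payload)); // the loop is now code, not string data
console.log(selectTitles('1995'), isRejected(payload));
```

With the structured filter, the same filter object can be handed to the driver's find call in place of the $where string.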