Month: January 2015

How to add Custom Drivers to VMware ESXi ISO image!

Hi friends, I once tried to install VMware ESXi on my old PC, but it failed because the network driver was missing, so I had to customise the ESXi image and add the driver to it. For this you will need ESXi-Customizer. Download from this link. Used this driver: vmware-bootbank-net-r8168.vib

Run ESXi-Customizer-v2.7.2 as Admin. This will extract to a folder; open it and run "ESXi-Customizer.cmd" as Admin.
Browse VMware.iso
Browse Destination
Browse Driver
Browse VMware.iso
Run...

Read More

NoSQL Injection

Server-side JavaScript injection vulnerabilities are not limited to any one platform. NoSQL database engines that process JavaScript containing user-specified parameters can also be vulnerable. For example, MongoDB supports the use of JavaScript functions for query specifications. Since MongoDB databases do not have strictly defined schemas, using JavaScript for query syntax lets developers write complex queries against disparate document structures.

For example, suppose we have a MongoDB collection that contains some documents representing books, some representing movies, and some representing music albums. This JavaScript query function selects all the documents in the specified collection that were written, filmed, or recorded at the specified time:

    function() {
        var search_time = input_value;
        return this.publishingTime == search_time ||
               this.filmingTime == search_time ||
               this.recordingTime == search_time;
    }

If the application developer were building this application in PHP (for example), the source code might look like this:

    // Vulnerable: the request value is concatenated into the JavaScript source.
    $query = 'function() { var search_time = \'' . $_GET['time'] . '\';' .
        'return this.publishingTime == search_time || ' .
        'this.filmingTime == search_time || ' .
        'this.recordingTime == search_time;}';
    $cursor = $collection->find(array('$where' => $query));

This code uses the value of the request parameter "time" as the search parameter. However, just as in a traditional SQL injection attack, since the query syntax is constructed in an ad-hoc fashion (i.e. query syntax concatenated with user input), this code is vulnerable to a server-side JavaScript injection attack. For example, this request...

Read More
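The NoSQL injection excerpt above, as an added example that is not part of the original post: the concatenated `$where` string beside a filter document that carries the value as data. It is written in JavaScript rather than PHP so it runs without a database driver; the four-digit pattern, the function names and the sample inputs are assumptions, and only the three field names come from the page.

```javascript
// Added example. Field names come from the page's query; the rest is assumed.
const TIME_FIELDS = ['publishingTime', 'filmingTime', 'recordingTime'];

// Assumption: a valid "time" value is a four-digit year.
const TIME_PATTERN = /^[0-9]{4}$/;

// Vulnerable shape from the page: the request value becomes JavaScript source.
function buildWhereString(rawTime) {
  const tests = TIME_FIELDS.map((f) => `this.${f} == search_time`).join(' || ');
  return `function() { var search_time = '${rawTime}'; return ${tests}; }`;
}

// Hardened shape: validate first, then pass the value as data, never as code.
function buildTimeFilter(rawTime) {
  // Reject non-strings: a request parser can turn a parameter into an array or
  // object, which a driver would read as query operators instead of a value.
  if (typeof rawTime !== 'string' || !TIME_PATTERN.test(rawTime)) {
    throw new TypeError('time must be a four-digit year');
  }
  // The page's `==` is loose, so match both string and numeric storage.
  const candidates = [rawTime, Number(rawTime)];
  return { $or: TIME_FIELDS.map((f) => ({ [f]: { $in: candidates } })) };
}

// Runs the hardened builder over constructed sample inputs (not from the page).
function demo() {
  const results = {};
  for (const sample of ['2015', "2015'", { nested: 'value' }]) {
    const key = JSON.stringify(sample);
    try {
      results[key] = buildTimeFilter(sample);
    } catch (err) {
      results[key] = `rejected: ${err.message}`;
    }
  }
  return results;
}

console.log(JSON.stringify(demo(), null, 2));
// The stray quote ends the string literal early, so the input alters the code.
console.log(buildWhereString("2015'"));
```

The returned filter can be passed to `find()` in place of the `$where` function, so the server never evaluates request data as JavaScript.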
