web exploitation

Web

For beginners, I would suggest these two books and my sections on cybersecurity: first link // second link

Web challenges in CTF competitions usually involve HTTP (or similar protocols) and the technologies used to transfer and display information over the internet, such as PHP, CMSs (e.g. Django), SQL, JavaScript, and more. There are many tools for accessing and interacting with web tasks, and choosing the right one is a major facet of the challenges. Although web browsers are the most common and best-known way of interacting with the internet, tools like curl and nc allow extra options and parameters to be passed and used.

Getting Started

Command Line and the Web

If you are running Linux and want extended functionality (like passing custom headers) in web challenges, bash (terminal) commands are your best bet. cURL is a simple but extensible command-line tool for transferring data using various protocols. It lets users interact with servers over HTTP, including with the POST and GET methods.

Example

To see curl at work, you can simply run curl 8.8.8.8 (Google), and the HTML of Google's home page should appear.
There are many other options and flags that can be passed to curl, making it an extremely useful tool in CTFs.

HTTP (Hypertext Transfer Protocol)

HTTP is an application protocol for distributed, collaborative, hypermedia information systems. It is the foundation of data communication for the World Wide Web, where hypertext documents include hyperlinks to other resources that the user can easily access, for example by a mouse click or by tapping the screen in a web browser.

PHP
PHP is a popular general-purpose scripting language that is especially suited to web development. It was originally created by Rasmus Lerdorf in 1994; the PHP reference implementation is now produced by The PHP Group. PHP originally stood for Personal Home Page, but it now stands for the recursive initialism PHP: Hypertext Preprocessor.

SQL Injection

SQL injection is a technique where malicious users can inject SQL commands into an SQL statement via web page input.
Injected SQL commands can alter the SQL statement and compromise the security of a web application.

SQL Injection Based on 1=1 is Always True

Look at the example above, one more time.
Let's say that the original purpose of the code was to create an SQL statement to select a user with a given user id.
If there is nothing to prevent a user from entering "wrong" input, the user can enter some "smart" input like this:
UserId: 105 or 1=1

The SQL statement then looks like this: SELECT * FROM Users WHERE UserId = 105 or 1=1

The SQL above is valid. It will return all rows from the table Users, since WHERE 1=1 is always true.
Does the example above seem dangerous? What if the Users table contains names and passwords?
The SQL statement above is much the same as this: SELECT UserId, Name, Password FROM Users WHERE UserId = 105 or 1=1

A smart hacker might get access to all the user names and passwords in a database by simply inserting 105 or 1=1 into the input box.

"So you need to learn SQL to understand what SQL injection is."

SQL Injection Based on ""="" is Always True

Here is a common construction, used to verify user login to a web site:
User Name:

Password:



// Vulnerable: both inputs are concatenated straight into the SQL text
uName = getRequestString("UserName");
uPass = getRequestString("UserPass");

sql = 'SELECT * FROM Users WHERE Name ="' + uName + '" AND Pass ="' + uPass + '"';

A smart hacker might get access to user names and passwords in a database by simply inserting " or ""=" into the user name or password text box.
The code at the server will create a valid SQL statement like this:


 SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""="" 

The resulting SQL is valid. It will return all rows from the table Users, since ""="" is always true.

If you need more information, look here, and for cyber security practice visit this link.
