
null-byte.wonderhowto.com

5 curated AppSec resources from null-byte.wonderhowto.com across 3 topics on appsec.fyi.


Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2025-08-14.

| Date Added | Resource | Topic | Type | Excerpt |
|---|---|---|---|---|
| 2025-08-14 | SQL Injection 101: Common Defense Methods Hackers Should Be Aware Of | SQLi | Reference | Details common SQL injection defense methods including user input escaping, whitelisting, stored procedures, and prepared statements. It emphasizes the principle of least privilege for database accounts and outlines techniques such as parameterized queries to distinguish between code and data, thereby mitigating risks associated with SQL injection vulnerabilities. |
| 2025-08-14 | How to Write an XSS Cookie Stealer in JavaScript to Steal Passwords « Null | XSS | Library | Covers crafting XSS cookie stealers in JavaScript, detailing how to leverage JavaScript's capabilities to exfiltrate user cookies containing sensitive information like passwords. It walks through setting up a basic HTML environment, injecting malicious JavaScript to capture cookies, and using a simple PHP script on a controlled server to log the stolen data. The guide highlights the technique's effectiveness when combined with code injection and explains how to redirect compromised users to avoid suspicion. |
| 2021-12-31 | How To: Use GoScan to Quickly Enumerate Networks & Services | Recon | Tool | Automates network and service enumeration by leveraging Nmap and integrating with other scanners like Nikto and sqlmap. GoScan features interactive tab auto-completion and an SQLite backend for data persistence, and functions as a framework to abstract and streamline reconnaissance tasks. It allows for target loading, host discovery, port scanning, and service enumeration with various options, including dry runs and aggressive scans. While it offers a streamlined approach, users must be aware of limitations such as the inability to issue OS commands directly within the framework and a less direct method for canceling long scans. |
| 2018-06-26 | SQL Injection 101: Common Defense Methods Hackers Should Be Aware Of | SQLi | Library | Covers SQL injection defense methods, discussing user input escaping with MySQL examples, whitelisting versus blacklisting, stored procedures, and the superiority of prepared statements using parameterized queries. It also emphasizes the principle of least privilege for database accounts and separate users for different applications to minimize attack impact. |
| 2017-12-12 | How to Write an XSS Cookie Stealer in JavaScript to Steal Passwords « Null | XSS | Library | Covers creating XSS cookie stealers in JavaScript. This guide details constructing a script that injects JavaScript into a webpage to capture user cookies containing credentials. It demonstrates embedding JavaScript within HTML and using PHP on a controlled server to receive and log stolen cookie data, with a PHP test server setup for local verification. |