Website related

Verifying Technorati claim token

This is a simple guide for those of you who signed up to Technorati but have no idea how to confirm the claim token required for you to submit your site.

Follow the below steps:

    Sign in to Technorati
    Click on the submission of your site
    Find the claim token on the next page
    Create a new post on your blog with the token. Example: VVRJ8T4Z97PY
    Click “Return to profile”
    Click “Check claim”

By now the Technorati spiders should have already crawled your blog. Simply wait until your submission is reviewed by the Technorati staff!


The average user’s introduction to SEO

Search Engine Optimization, what exactly is it?

In short, SEO is the act of optimizing your website or websites to rank well in major search engines such as Google. When done well, SEO can bring you more traffic, more revenue, and allow your site to be more frequently crawled by their web spiders.
SEO is not only referred to as Search Engine Optimization, it is also referred to as Search Engine Optimizer (the person who is doing the optimizing).

How do I go about optimizing my website to rank better in search engines? Easy, grasp some simple concepts and you can be jumping up the search rankings in no time.

Original/Quality Content

This is one of the major variables to help you gain a better search ranking. Your content should be high quality, original, and worthy of being read. Any SEO is aware that the quality of your content is highly important, and this cannot be stressed enough.

Innovation/Creativity

Okay, this may not be as commonly executed but think about it this way. You’ve created such a “fresh” website that major tech news sites and webpage recognition sites just can’t stay away from talking about you. If done well, this can certainly bring you a substantial amount of backlinks.

Avoid query strings in URLs (Dynamic URLs)

Often people fail to notice the importance of limiting their URLs to something that looks static or “permanent” to search engines. Think of a URL as that specific content’s address on the internet. If major search engines are unable to have something permanent or long term to index, why would they bother?


SQL injection tutorial by for3v3rforgott3n


Contents At A Glance:

Introduction

Finding Vulnerable Sites

Getting Number of Columns

Getting MySQL Version

Getting Database Names

Getting Database User

Getting Table Names

Getting Column Names

LIMIT, What is it and why do I need to know how to use it?

End Notes

Introduction

Note: This is a guest post by Jay Huang, founder of Windows7Center. Some of you may know him as a speaker at Defcon and Blackhat. He will be covering a simple SQL injection approach, and how it is executed, to provide webmasters a holistic view on how a simple attack can be detrimental towards their business.

First of all, if you find that I have written something that is wrong, please address it and I will fix it. I have written this tutorial solely for educational purposes; do not contact me regarding anything along the lines of me publishing “full disclosure” information on internet security. I have written this in the hope that it will not only help educate anyone who is interested in SQL injection, but also help educate any website owners/coders who are unaware of the risks that they put their company/systems in when leaving a simple issue unattended.

Finding Vulnerable Sites

First you need to know what makes a site vulnerable to SQL injection before you can find and inject vulnerable sites.

The most common reason that a site is vulnerable to SQL injection attacks is that the owner/coder didn’t use the built-in MySQL feature ‘mysql_real_escape_string()’. The purpose of this function is to sanitize or remove special characters from an SQL query. The most common side-effect is the simple username/password exploit ' or '1'='1. Most website administrators today use this function along with stripslashes() or addslashes() to further sanitize the data, which is actually not all that safe.

Well since I gave you a very basic reason for why certain sites are vulnerable, we will move on to finding some vulnerable sites to play with.

When talking about finding sites to inject you will hear the term “dork” a lot. This refers to a Google search term targeted at finding vulnerable websites. A “Google dork” uses the built-in Google functions inurl: or allinurl: to search for websites that have certain strings in their URL or website address. An example of a Google dork is inurl:index.php?id=1. Entering this string into the Google search engine would return all of the sites in Google’s cache with the string index.php?id=1 in their URL, e.g. http://www.example.com/index.php?id=1

Here is a list of “dorks” to use:

http://sql-injection-tools.blogspot.com/2009/06/dork-sqli-by-shafiq.html

Now that we know what a Google dork is we can start finding vulnerable sites. To be vulnerable the site has to have a GET parameter in the URL: index.php?id=1, id=1 being the GET parameter which ‘gets’ the 1 ‘id’ from the SQL database. (Understand? Good.)

So you are going to go to http://www.google.com, http://www.blackle.com, or http://www.dogpile.com and search for your selected dork. When you get your list you can start checking for vulnerabilities. To do this the most common way is to add a back-tick after one of the integers in the URL.

Example: http://www.example.com/index.php?id=1'

Now there are many ways for a site to show you that it is vulnerable; the most common are errors:

    You have an error in your SQL Syntax
    Warning: mysql_fetch_array():
    Warning: mysql_fetch_assoc():
    Warning: mysql_numrows():
    Warning: mysql_num_rows():
    Warning: mysql_result():
    Warning: mysql_preg_match():

If you receive any of these errors when you enter the ' after the number then chances are the site is vulnerable to SQL injection attacks to some extent. But that isn’t the only way to see if a site is vulnerable. The most overlooked sign is when a main part of the site simply disappears, such as a news article or a body of text on the main site. If this happens then it is likely that the site is vulnerable also.
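For site owners, the probe described above leaves a recognizable trace in web server access logs. The following added example (not from the original tutorial) flags requests whose parameter value is an integer followed only by quote characters; the log lines are constructed samples in the common "combined" format and the function names are illustrative.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /index.php?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:01:09 +0000] "GET /index.php?id=1' HTTP/1.1" 500 312 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:01:11 +0000] "GET /news.php?cat=3%27 HTTP/1.1" 200 1480 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2024:10:02:30 +0000] "GET /search.php?q=o%27brien HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
"""

# client IP, request target, status code, response size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) (\d+|-)')
# An integer followed only by quote characters, after URL decoding.
PROBE = re.compile(r"^\d+['`\"]+$")

def find_quote_probes(log_text):
    """Return one record per parameter that looks like a quote probe."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target, status, _size = m.groups()
        parts = urlsplit(target)
        # parse_qsl percent-decodes values, so %27 is caught as well as a raw quote.
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if PROBE.match(value):
                hits.append({"ip": ip, "path": parts.path,
                             "param": key, "status": int(status)})
    return hits

def probes_per_client(hits):
    """Count probe requests per client so repeated testing stands out."""
    return Counter(h["ip"] for h in hits)

if __name__ == "__main__":
    for hit in find_quote_probes(SAMPLE_LOG):
        print(hit)
```

A hit with a 5xx status, or a 200 with an unusually small body, corresponds to the error and "content disappears" cases described above and marks the endpoint to fix first. A legitimate value such as o'brien is not flagged because it does not start with an integer.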

Getting Number of Columns

After you find your vulnerable site the first step you need to take is to find the number of columns in the table that is in use.
