lonerunners.net

Photo gallery with AJAX and Javascript

(photo credits striatic)
I am searching for a photo gallery that works using AJAX and JavaScript with minimal changes to server-side pages.
I found this list of galleries that seem really good:

e2 AJAX Gallery
FrogJS Javascript Gallery
Highslide
JonDesign’s SmoothGallery 2.0
LightWindow v2.0
Pyxy Gallery
Phatfusion- Image Menu
Phatfusion- Lightbox
Slimbox, the Ultimate Lightweight Lightbox Clone
dhtmlGoodies Image Slideshow Script
Google AJAX Feed API
jQuery Cycle Plugin
Phatfusion- [...]

CakePHP vs Ruby on Rails

Ruby on Rails or PHP, this is the dilemma.
I think that Ruby on Rails is the greatest web development framework I have ever used, but Ruby is too slow, needs some libraries to be deployed, and can be hell when you need to scale.
On the other side PHP is tedious, but scales well and [...]

ASP.NET and input validation against XSS

Today’s topic is XSS under ASP.NET and how validation filters and request filters work and are applied under ASP.NET.
The Microsoft .NET framework comes with a request validation feature, configurable by the ValidateRequest setting. ValidateRequest has been a feature of ASP.NET since version 1.1. This feature consists of a series of filters, designed to prevent [...]

What’s new in the Flash 10 security

The new version of Adobe Flash (currently 10 beta) has a variety of features and enhancements aimed at increasing security.
You can read a detailed article by Trevor McCauley here: http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
It seems that Adobe’s security is based on:

require user interaction: to avoid automatic exploitation and warn the user about Flash actions
new features that override old [...]

sqlmap 0.6 released

My friend inquis today released one of the best SQL injection tools available to the public: sqlmap.
For those of you who do not know this tool yet, sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it [...]

A browser as web hacking platform

A list of Firefox plugins to turn your browser into a hacking platform. This is an improved list based on "Turning Firefox to an ethical hacking platform" from Security-Database.com.
Information gathering

Whois and geo-location

ShowIP: Shows the IP address of the current page in the status bar. It also allows querying custom services by IP (right mouse [...]

Kaminsky DNS Vulnerability for dummies

The easiest and best explanation of Dan Kaminsky’s DNS vulnerability that I found on the Net: An Illustrated Guide to the Kaminsky DNS Vulnerability by Steve Friedl

Database datatype comparison sheet

Sometimes, when writing automated SQL injection tools or exploits based on SQLi vulnerabilities, you have to fight with the different implementations of the standard SQL datatypes across DBMSs. After reading a lot of documentation, I wrote a comparison sheet of the datatypes used by MySQL, SQL Server, Oracle, DB2, SQLite, PostgreSQL, Sybase ASE, Firebird. You can download Adobe Acrobat [PDF] or [...]

Helpful Oracle Queries

A list of helpful Oracle queries and tips.
Returns a list of all tables (System and User):
select * from all_tables;
Returns a list of all db_links (System and User):
select * from all_db_links;
Returns a list of all views (System and User):
select * from all_views;
Returns a list of all table columns (System and User):
select * from all_tab_columns;
List current [...]

The Columbia’s Hard Disk

Do you remember the tragedy of the shuttle Columbia, which exploded at high altitude during the phase of re-entry into Earth’s orbit? I quote a few sentences from this article:
"Researchers have finally published the results of data recovered from a cracked and singed hard drive that fell to Earth in the debris from the Space Shuttle Columbia, which broke up during [...]