What is the .htaccess file and what do I use it for?

.htaccess - The Point of Discussion. The HT (Hyper Text) access file is a directory-level configuration file supported by a good number of web servers, and it allows administrators to manage web server configuration in a decentralized way. The original purpose of .htaccess, reflected in its name, was to allow per-directory access control, for example requiring a password to access a directory or file. Nowadays it is used for various other purposes, as .htaccess files can override many other configuration settings, including content type and character set, CGI handlers, etc. It can be very useful for penetration testers as well as webmasters.


DOM XSS Explained - Part 1


Cross-Site Scripting (XSS) has been a problem for well over a decade now. XSS, just like other well-known security issues such as SQL, XPath and LDAP injection, falls into the category of input validation attacks. An XSS vulnerability occurs when input taken from the user is not filtered/sanitized before it is returned to the user. XSS can be divided into the following three categories:


Hacker's Dome - First Blood CTF

When it comes to Information Security, there's a great way to learn, train and keep your skills sharp. This can be done using gamification mechanics to speed up the learning curve and improve the retention rate. Capture The Flag competitions use gamification mechanics and represent one of the best ways to learn security hands-on.


A Tale Of A DOM Based XSS In Paypal


We have already disclosed lots of findings related to DOM Based XSS, and this article talks about a pretty interesting DOM Based XSS vulnerability I found a long time back inside PayPal. A DOM Based XSS vulnerability is also known as the third type of XSS vulnerability or type 0. This vulnerability occurs due to the fact that developers don't sanitize the input before it reaches a sink. A sink is defined as anything that generates HTML. Not every sink is considered dangerous; however, there are some common sinks that should be avoided, and they are mentioned at the DOM Based XSS wiki.


Introduction To SQLmap And Firewall Bypassing


Most cyber-attacks in the world that involve websites occur due to a lack of updates and the failure to validate user input. Starting from the buffer overflow vulnerability, which is a system-level vulnerability, up to the vulnerabilities that exist today, the fundamental problem has always been input validation. One of the main threats is SQL injection, which has left many worried about their applications and databases. The problem is more than a decade old, but it is still present inside lots of websites. SQL injection, like all other major web application security problems, falls into the category of input validation attacks.


A Beginners Guide To Using IPTables


Readers, there are numerous reasons ... It is well known that the Internet is an unmanaged and decentralized network, running under a set of protocols which are not designed to ensure the integrity and confidentiality of information and access controls.
There are several ways to breach a network, but these ways do nothing more than take advantage of flaws within network protocols and services.



Rafay Baloch is an independent security researcher, Internet marketer, entrepreneur and SEO consultant. He is the founder of the RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal, for which PayPal awarded him a sum of $10,000.


RHA © 2013. All Rights Reserved.