Skip to main content

Posts

Showing posts from November, 2016

How to generate exceptions in virtual constructors

It is possible that exceptions might raise in a constructor or destructors. If an exception is raised in a constructor, memory might be allocated to some data members and might not be allocated for others. This might lead to memory leakage problem as the program stops and the memory for data members stays alive in the RAM.   Similarly, when an exception is raised in a destructor, memory might not be deallocated which may again lead to memory leakage problem. So, it is better to provide exception handling within the constructor and destructor to avoid such problems. Following program demonstrates handling exceptions in a constructor and destructor: #include<iostream> using namespace std; class Divide { private: int *x; int *y; public: Divide() { x = new int(); y = new int(); cout<<“Enter two numbers: “; cin>>*x>>*y; try { if(*y == 0) { throw *x; } } catch...

How to work with virtual constructors and destructors in C++

C++ allows programmers to create virtual destructors. But, it doesn’t allow virtual constructors to be created because of various reasons. To know why a virtual destructor is needed, consider the following program: #include <iostream> using namespace std; class A { public: A() { cout<<“A’s constructor”<<endl; } ~A() { cout<<“A’s destructor”<<endl; } }; class B : public A { public: B() { cout<<“B’s constructor”<<endl; } ~B() { cout<<“B’s destructor”<<endl; } }; int main() { A *bptr = new B(); delete bptr; return 0; } Output for the above program is as follows: A‘s constructor B’s constructor A‘s destructor   From the above output you can see that derived class destructor didn’t e...

WAFNinja – A Tool To Bypass WAF

WAFNinja  is a CLI tool written in Python. It is the best tool for penetration testers to bypass a WAF by automating steps necessary for bypassing input validation. The tool was created with the objective to be easily extendable, simple to use and usable in a team environment. Many payloads and fuzzing strings, which are stored in a local database file come shipped with the tool. WAFNinja  supports HTTP connections, GET and POST requests and the use of Cookies in order to access pages restricted to authenticated users. Also, an intercepting proxy can be set up.   Using Command: wafninja.py [-h] [-v] {fuzz, bypass, insert-fuzz, insert-bypass, set-db} ... Example: Fuzz: python wafninja.py fuzz -u "http://www.target.com/index.php?id=FUZZ" -c "phpsessid=value" -t xss -o output.html   Bypass: python wafninja.py bypass -u "http://www.target.com/index.php" -p "Name=PAYLOAD&amp;Submit=Submit" -c "phpsessid=value" -t xss -o output....