Dailydave mailing list archives
Re: elegance
From: Dave Aitel <dave () immunitysec com>
Date: Sat, 28 Feb 2004 02:24:40 -0500
dude, that's totally cool! What problem are you trying to fix again?

Regardless, I think it's a cool script. You should give a talk at blackhat/cansecwest/g-con about it. Also write an auto-exploitation engine for SQL injection bugs. Demonstrate it on that .gov.cn one during your talk. :>

My fav SQL injection bug was aljazeera. It's the news! Straight from...anyone with a web browser.

-dave

ned wrote:
| after combining google (pygoogle.sourceforge.net), simple url
| processing and 1/3 of a clue about major problems in web
| applications (encompassing cgi..) and how to find them...:
|
| C:\misc\SF>python STABFACE.py
| end at offset 290
| FOUND -> http://edsitement.neh.gov/view_lesson_plan.asp?id=400'
| FOUND -> http://nces.ed.gov/fastfacts/display.asp?id=400'
| FOUND -> http://www.e-gov.com/showPR.asp?id=400'
| FOUND -> http://web.ncifcrf.gov/campus/calendar/view-event.asp?id=400'
| FOUND -> http://www.gov.ns.ca/news/details.asp?id=400'
| FOUND -> http://said.dol.gov/WhatsNew.asp?ID=400'
| FOUND -> http://www.miproyecto.gov.ve/masdetalle.asp?ID=400'
| FOUND -> http://www.inel.gov/st-needs/need-detail.asp?id=400'
| FOUND -> http://www.peoplesnetwork.gov.uk/news/article.asp?id=400'
| FOUND -> http://www.presidiotrust.gov/news/press_release.asp?id=400'
| FOUND -> http://www.cityofboston.gov/contact/default.asp?ID=400'
| FOUND -> http://www.mpriv.sr.gov.yu/ita/info/solo.asp?ID=400'
| FOUND -> http://cfc.ky.gov/cbs-snap/child_details.asp?ID=400'
| FOUND -> http://www.mec.gov.br/acs/asp/noticias/noticiasId.asp?Id=400'
| FOUND -> http://www.stcsm.gov.cn/events/detail.asp?id=400'
| FOUND -> http://www.wastewise.wa.gov.au/pages/links2.asp?ID=400'
| etc...(about another 100 results)
|
| and people still use overflows in windows worms? these machines are
| usually the ones worth attacking, with the promise of big
| databases usually fulfilled. any suggestions on fixing this huge
| problem? can it be fixed?
| - nd