Dailydave mailing list archives
Re: Web Hacking!
From: Isaac Dawson <isaac.dawson () gmail com>
Date: Fri, 30 Sep 2011 23:35:16 +0900
sourceforge looks like a FP, I guess they just used a crappy regex error matching tool :>.

On Fri, Sep 30, 2011 at 10:38 PM, Dave Aitel <dave () immunityinc com> wrote:

This came out last night - http://pastebin.com/LaKrWgXT. Lots of respectable sites in that (sourceforge/mysql/etc). I don't know if any of it is true, of course.

"""
1. http://sourceforge.net/apps/trac/gallery/timeline?from=2009-09-24T22%3A19%3A12Z%2B0000&precision=second' : SQLi Vulnerable
3. http://www.love-shop.biz/b/166180/read' : SQLi Vulnerable
5. http://stackoverflow.com/questions/3742239/php-mysql-error-warning-mysql-num-rows-expects-parameter-1-to-be-resource' : SQLi Vulnerable
6. (Be funny to change all the answers to every question to "Minimum viable product". :>)
"""

-dave

On 9/29/11 4:24 PM, Dave Aitel wrote:

The past of web hacking is here, it's just not evenly distributed. And by that, I mean that you're going to find a lot of SQL Injection bugs if in Google you do "inurl:.asp site:myclient.com". Of course, you would probably say that any site that CAN be hacked by SQLi is probably already hacked with SQLi and the goal of any good hacker in the world is to be places no one else can be, right?

But, it's likely that Blind SQLi is still under the radar, since it normally takes SO LONG to exploit that even the automated worms get bored and give up. :>

BUT, one thing we're going to teach you in the Web Hacking class at INFILTRATE <http://infiltratecon.com/training.html> is a new algorithm that gets twice the performance of SQLMap on Blind SQLi. It's awesome. You should come. :>

-dave

_______________________________________________
Dailydave mailing list
Dailydave@lists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Web Hacking! Dave Aitel (Sep 29)
- Re: Web Hacking! Dave Aitel (Sep 30)
- Re: Web Hacking! Isaac Dawson (Sep 30)
- Re: Web Hacking! Jonathan Brossard (Sep 30)
- Re: Web Hacking! Tracy Reed (Sep 30)
- <Possible follow-ups>
- Fwd: Re: Web Hacking! Neusbeer (Sep 30)
- Re: Web Hacking! Dave Aitel (Sep 30)