Dailydave mailing list archives

Re: Web Hacking!


From: Isaac Dawson <isaac.dawson () gmail com>
Date: Fri, 30 Sep 2011 23:35:16 +0900

sourceforge looks like a FP, I guess they just used a crappy regex error
matching tool :>.

On Fri, Sep 30, 2011 at 10:38 PM, Dave Aitel <dave () immunityinc com> wrote:

This came out last night - http://pastebin.com/LaKrWgXT. Lots of
respectable sites in that (sourceforge/mysql/etc). I don't know if any of it
is true, of course.

"""
http://sourceforge.net/apps/trac/gallery/timeline?from=2009-09-24T22%3A19%3A12Z%2B0000&precision=second' :  SQLi Vulnerable
http://www.love-shop.biz/b/166180/read' :  SQLi Vulnerable
http://stackoverflow.com/questions/3742239/php-mysql-error-warning-mysql-num-rows-expects-parameter-1-to-be-resource' :  SQLi Vulnerable
(Be funny to change all the answers to every question to "Minimum
viable product". :>)
"""
-dave


On 9/29/11 4:24 PM, Dave Aitel wrote:

The past of web hacking is here, it's just not evenly distributed. And by
that, I mean that you're going to find a lot of SQL Injection bugs if in
Google you do "inurl:.asp site:myclient.com".

Of course, you would probably say that any site that CAN be hacked by SQLi
is probably already hacked with SQLi and the goal of any good hacker in the
world is to be places no one else can be, right? But, it's likely that Blind
SQLi is still under the radar, since it normally takes SO LONG to exploit
that even the automated worms get bored and give up. :>

BUT, one thing we're going to teach you in the Web Hacking class at
INFILTRATE <http://infiltratecon.com/training.html> is a new algorithm
that gets twice the performance of SQLMap on Blind SQLi. It's awesome. You
should come. :>

-dave



_______________________________________________
Dailydave mailing list
Dailydave@lists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave


