Re: elegance

[ned <nd () felinemenace org>]

sql injection is the problem that needs fixing.
STABFACE is not ready for the world if it keeps finding stuff like:

http://www.news.navy.mil/view_single.asp?id=400'

its all about the news isnt it?
anyhow, anyone with google technique can find interesting stuff too.
- nd

On Sat, 28 Feb 2004, Dave Aitel wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> dude, that's totally cool! What problem are you trying to fix again?
> Regardless, I think it's a cool script. You should give a talk at
> blackhat/cansecwest/g-con about it. Also write an auto-exploitation
> engine for SQL injection bugs. Demonstrate it on that .gov.cn one
> during your talk. :>
>
> My fav SQL injection bug was aljazeera. It's the news! Straight
> from...anyone with a web browser.
>
> - -dave
>
>
> ned wrote:
>
> | after combining google (pygoogle.sourceforge.net), simple url
> | processing and 1/3 of a clue about major problems in web
> | applications (encompassing cgi..) and how to find them...:
> |
> | C:\misc\SF>python STABFACE.py end at offset 290 FOUND ->
> | http://edsitement.neh.gov/view_lesson_plan.asp?id=400' FOUND ->
> | http://nces.ed.gov/fastfacts/display.asp?id=400' FOUND ->
> | http://www.e-gov.com/showPR.asp?id=400' FOUND ->
> | http://web.ncifcrf.gov/campus/calendar/view-event.asp?id=400' FOUND
> | -> http://www.gov.ns.ca/news/details.asp?id=400' FOUND ->
> | http://said.dol.gov/WhatsNew.asp?ID=400' FOUND ->
> | http://www.miproyecto.gov.ve/masdetalle.asp?ID=400' FOUND ->
> | http://www.inel.gov/st-needs/need-detail.asp?id=400' FOUND ->
> | http://www.peoplesnetwork.gov.uk/news/article.asp?id=400' FOUND ->
> | http://www.presidiotrust.gov/news/press_release.asp?id=400' FOUND
> | -> http://www.cityofboston.gov/contact/default.asp?ID=400' FOUND ->
> | http://www.mpriv.sr.gov.yu/ita/info/solo.asp?ID=400' FOUND ->
> | http://cfc.ky.gov/cbs-snap/child_details.asp?ID=400' FOUND ->
> | http://www.mec.gov.br/acs/asp/noticias/noticiasId.asp?Id=400' FOUND
> | -> http://www.stcsm.gov.cn/events/detail.asp?id=400' FOUND ->
> | http://www.wastewise.wa.gov.au/pages/links2.asp?ID=400'
> | etc...(about another 100 results)
> |
> | and people still use overflows in windows worms? these machines are
> |  usually the ones worth attacking, with the promise of big
> | databases usually fulfilled. any suggestions on fixing this huge
> | problem? can it be fixed? - nd
> |
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFAQEI4zOrqAtg8JS8RAtbyAJwPK4h9B/bXkInhYjjmLmOFeZ3SIgCdFncA
> pfrW4WscE7AE9EZV6QrRjHg=
> =upS+
> -----END PGP SIGNATURE-----

-- 
http://felinemenace.org/~nd

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave