Re: Web Hacking!

[Dave Aitel <dave () immunityinc com>]

This came out last night - http://pastebin.com/LaKrWgXT. Lots of
respectable sites in that (sourceforge/mysql/etc). I don't know if any
of it is true, of course.

"""

 1.

    http://sourceforge.net/apps/trac/gallery/timeline?from=2009-09-24T22%3A19%3A12Z%2B0000&precision=second'
    :  SQLi Vulnerable
 2.
     
 3.
    http://www.love-shop.biz/b/166180/read' :  SQLi Vulnerable
 4.
     
 5.
    
http://stackoverflow.com/questions/3742239/php-mysql-error-warning-mysql-num-rows-expects-parameter-1-to-be-resource'
    :  SQLi Vulnerable
 6. (Be funny to change all the answers to every question to "Minimum
    viable product". :>)
 7.
     


"""
-dave
 
On 9/29/11 4:24 PM, Dave Aitel wrote:
> The past of web hacking is here, it's just not evenly distributed. And
> by that, I mean that you're going to find a lot of SQL Injection bugs
> if in Google you do "inurl:.asp site:myclient.com".
>
> Of course, you would probably say that any site that CAN be hacked by
> SQLi is probably already hacked with SQLi and the goal of any good
> hacker in the world is to be places no one else can be, right? But,
> it's likely that Blind SQLi is still under the radar, since it
> normally takes SO LONG to exploit that even the automated worms get
> bored and give up. :>
>
> BUT, one thing we're going to teach you in the Web Hacking class at
> INFILTRATE <http://infiltratecon.com/training.html> is a new algorithm
> that gets twice the performance of SQLMap on Blind SQLi. It's awesome.
> You should come. :>
>
> -dave
>
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunityinc com
> https://lists.immunityinc.com/mailman/listinfo/dailydave

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave