Dailydave mailing list archives
Re: Web Hacking!
From: Dave Aitel <dave () immunityinc com>
Date: Fri, 30 Sep 2011 09:38:47 -0400
This came out last night - http://pastebin.com/LaKrWgXT. Lots of respectable sites in that (sourceforge/mysql/etc). I don't know if any of it is true, of course. """ 1. http://sourceforge.net/apps/trac/gallery/timeline?from=2009-09-24T22%3A19%3A12Z%2B0000&precision=second' : SQLi Vulnerable 2. 3. http://www.love-shop.biz/b/166180/read' : SQLi Vulnerable 4. 5. http://stackoverflow.com/questions/3742239/php-mysql-error-warning-mysql-num-rows-expects-parameter-1-to-be-resource' : SQLi Vulnerable 6. (Be funny to change all the answers to every question to "Minimum viable product". :>) 7. """ -dave On 9/29/11 4:24 PM, Dave Aitel wrote:
The past of web hacking is here, it's just not evenly distributed. And by that, I mean that you're going to find a lot of SQL Injection bugs if in Google you do "inurl:.asp site:myclient.com". Of course, you would probably say that any site that CAN be hacked by SQLi is probably already hacked with SQLi and the goal of any good hacker in the world is to be places no one else can be, right? But, it's likely that Blind SQLi is still under the radar, since it normally takes SO LONG to exploit that even the automated worms get bored and give up. :> BUT, one thing we're going to teach you in the Web Hacking class at INFILTRATE <http://infiltratecon.com/training.html> is a new algorithm that gets twice the performance of SQLMap on Blind SQLi. It's awesome. You should come. :> -dave _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Web Hacking! Dave Aitel (Sep 29)
- Re: Web Hacking! Dave Aitel (Sep 30)
- Re: Web Hacking! Isaac Dawson (Sep 30)
- Re: Web Hacking! Jonathan Brossard (Sep 30)
- Re: Web Hacking! Tracy Reed (Sep 30)
- <Possible follow-ups>
- Fwd: Re: Web Hacking! Neusbeer (Sep 30)
- Re: Web Hacking! Dave Aitel (Sep 30)