BSQL Hacker is an automated SQL Injection Framework / Tool designed to
exploit SQL injection vulnerabilities in virtually any database.
It ships with Automated Attack modules which allow dumping a whole database:
- SQL Server
- ORACLE
- MySQL (*experimental*)
Attack Templates:
- MS
Great (and simple) idea!
Further optimization of the side-channel transfer rate could be
possible (depending on the victim response times and other factors),
so limiting it to 4 bits per query is unnecessary.
Details: http://www.logris.org/security/deep-blind-sql-injection
Cheers,
Mordred
A new version of the OWASP DirBuster Project is ready to be downloaded.
If you are not familiar with this OWASP project, DirBuster is a multi
threaded Java application designed to brute force directories and
file names on web/application servers. Often is the case now of what
looks like a
so does owasp do anything useful or just cater to script kiddies?
On Wed, Aug 20, 2008 at 9:42 AM, James Fisher
[EMAIL PROTECTED] wrote:
A new version of the OWASP DirBuster Project is ready to be downloaded.
If you are not familiar with this OWASP project, DirBuster is a multi
threaded
A pen tester could use it to see if they can use it to find directories
for admin scripts that rely on the assumption that the attacker does not
know where to find it.
On Wed, 2008-08-20 at 10:05 -0500, Robert Holgstad wrote:
so does owasp do anything useful or just cater to script kiddies?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:175
http://www.mandriva.com/security/
That depends. How does your definition differ between script kiddies and a
pen-tester that wants to maximize efficiency, especially over a task that
might be boring to accomplish manually or develop one's own script for?
What would you like OWASP to do for you? Feel free to offer suggestions!
On
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:176
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
vBulletin Cross Site Scripting Vulnerability
*Advisory Information*
Title: vBulletin Cross Site Scripting Vulnerability
Advisory ID:
Guess he has not been to www.owasp.org recently...
==
Sent via blackberry, call 973-202-0122 to further discuss this email if
required.
-Original Message-
From: Michael Krymson [EMAIL PROTECTED]
Date: Wed, 20 Aug 2008 15:18:24
To:
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Ferruh Mavituna wrote:
| This is a short whitepaper about a new way to exploit Blind SQL
Injections.
| It's implemented in BSQL Hacker (
| http://labs.portcullis.co.uk/application/bsql-hacker/ ).
|
| *It is possible gather information from a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:177
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:178
http://www.mandriva.com/security/