[Full-disclosure] BSQL Hacker 0.9.0.7 - Advanced SQL Injection Framework / Tool

2008-08-20 Thread Ferruh Mavituna
BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database. It ships with Automated Attack modules which allow dumping the whole database: - SQL Server - ORACLE - MySQL (*experimental*) Attack Templates : - MS

Re: [Full-disclosure] Deep Blind SQL Injection Whitepaper

2008-08-20 Thread Sir Mordred
Great (and simple) idea! Further optimization of the side-channel transfer rate could be possible (depending on the victim response times and other factors), so limiting it to 4 bits per query is unnecessary. Details: http://www.logris.org/security/deep-blind-sql-injection Cheers, Mordred

[Full-disclosure] OWASP DirBuster 0.11.1 Released

2008-08-20 Thread James Fisher
A new version of the OWASP DirBuster Project is ready to be downloaded. If you are not familiar with this OWASP project, DirBuster is a multi-threaded Java application designed to brute force directories and file names on web/application servers. Often is the case now of what looks like a

Re: [Full-disclosure] OWASP DirBuster 0.11.1 Released

2008-08-20 Thread Robert Holgstad
so does owasp do anything useful or just cater to script kiddies? On Wed, Aug 20, 2008 at 9:42 AM, James Fisher [EMAIL PROTECTED] wrote: A new version of the OWASP DirBuster Project is ready to be downloaded. If you are not familiar with this OWASP project, DirBuster is a multi threaded

Re: [Full-disclosure] OWASP DirBuster 0.11.1 Released

2008-08-20 Thread William McAfee
A pen tester could use it to see if they can use it to find directories for admin scripts that rely on the assumption that the attacker does not know where to find it. On Wed, 2008-08-20 at 10:05 -0500, Robert Holgstad wrote: so does owasp do anything useful or just cater to script kiddies?

[Full-disclosure] [ MDVSA-2008:175 ] yelp

2008-08-20 Thread security
Mandriva Linux Security Advisory MDVSA-2008:175 http://www.mandriva.com/security/

Re: [Full-disclosure] OWASP DirBuster 0.11.1 Released

2008-08-20 Thread Michael Krymson
That depends. How does your definition differ between script kiddies and a pen-tester that wants to maximize efficiency, especially over a task that might be boring to accomplish manually or develop one's own script for? What would you like OWASP to do for you? Feel free to offer suggestions! On

[Full-disclosure] [ MDVSA-2008:176 ] mtr

2008-08-20 Thread security
Mandriva Linux Security Advisory MDVSA-2008:176 http://www.mandriva.com/security/

[Full-disclosure] CORE-2008-0813 - vBulletin Cross Site Scripting Vulnerability

2008-08-20 Thread CORE Security Technologies Advisories
Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ vBulletin Cross Site Scripting Vulnerability *Advisory Information* Title: vBulletin Cross Site Scripting Vulnerability Advisory ID:

Re: [Full-disclosure] OWASP DirBuster 0.11.1 Released

2008-08-20 Thread Tom Brennan
Guess he has not been to www.owasp.org recently... == Sent via blackberry, call 973-202-0122 to further discuss this email if required. -Original Message- From: Michael Krymson [EMAIL PROTECTED] Date: Wed, 20 Aug 2008 15:18:24 To:

Re: [Full-disclosure] Deep Blind SQL Injection Whitepaper

2008-08-20 Thread Marco Slaviero
Ferruh Mavituna wrote: | This is a short whitepaper about a new way to exploit Blind SQL Injections. | It's implemented in BSQL Hacker ( | http://labs.portcullis.co.uk/application/bsql-hacker/ ). | | *It is possible gather information from a

[Full-disclosure] [ MDVSA-2008:177 ] xine-lib

2008-08-20 Thread security
Mandriva Linux Security Advisory MDVSA-2008:177 http://www.mandriva.com/security/

[Full-disclosure] [ MDVSA-2008:178 ] xine-lib

2008-08-20 Thread security
Mandriva Linux Security Advisory MDVSA-2008:178 http://www.mandriva.com/security/