sqlmap 0.6 released
My friend inquis today released one of the best SQL injection tools available to the public: sqlmap.
For those of you who do not know this tool yet, sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it [...]
Database datatype comparison sheet
Sometimes, when writing automated SQL injection tools or exploits based on SQLi vulnerabilities, you have to fight with the different implementations of the standard SQL datatypes across DBMSs. After reading a lot of documentation I wrote a comparison sheet of the datatypes used by MySQL, SQL Server, Oracle, DB2, SQLite, PostgreSQL, Sybase ASE and Firebird. You can download it as Adobe Acrobat [PDF] or [...]
Let's do it the strange way (SQL Injection)
Think of all the highway traffic control systems, such as the well-known "Tutor" speed cameras, whose operation is based on the automatic recognition of a vehicle's license plate. A camera frames the vehicle and software recognizes the plate and interprets its characters, turning an image into data that can be [...]
Rails Security: Secure your Ruby on Rails web application
Ruby on Rails is a great Ruby framework for the rapid development of web applications.
But a default Rails installation comes with some (in)security features that must be hardened and fixed.
And a lot of the how-tos and tutorials on the internet that push the "website in 5 minutes" message help people write insecure code.
Some examples:
File permission: default Rails [...]
Free SQL Injection Scanners
SQLIer – SQLIer takes a vulnerable URL and attempts to determine all the necessary information to exploit the SQL Injection vulnerability by itself, requiring no user interaction at all. Get SQLIer.
SQLbftools – SQLbftools is a collection of tools to retrieve MySQL information available using a blind SQL Injection attack. Get SQLbftools.
SQL Injection Brute-forcer – [...]
