sqlmap 0.6 released

My friend inquis today released one of the best SQL injection tools available to the public: sqlmap. For those of you who do not know this tool yet, sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once […]

Database datatype comparison sheet

Sometimes, when writing automated SQL injection tools or exploits based on SQLi vulnerabilities, you can fight with the different implementations of the standard SQL datatypes across DBMSs. After reading a lot of documentation, I wrote a comparison sheet of the datatypes used by MySQL, SQL Server, Oracle, DB2, SQLite, PostgreSQL, Sybase ASE and Firebird. You can download the Adobe Acrobat [PDF] or […]

Let's Do It the Strange Way (SQL Injection)

Think of all the highway traffic control systems, such as the well-known “Tutor” speed cameras, whose operation is based on automatic recognition of a vehicle's license plate. A camera frames the vehicle, and software recognizes the plate and interprets its characters, turning an image into a piece of data that can […]

Rails Security: Secure your Ruby on Rails web application

Ruby on Rails is a great Ruby framework for rapid development of web applications. But default Rails comes with some (in)security features that must be hardened and fixed. And many of the how-tos and tutorials on the internet that promote the “websites in 5 minutes” pitch help people write insecure code. Some examples: […]

Free SQL Injection Scanners

SQLIer – SQLIer takes a vulnerable URL and attempts to determine all the necessary information to exploit the SQL Injection vulnerability by itself, requiring no user interaction at all. Get SQLIer. SQLbftools – SQLbftools is a collection of tools to retrieve MySQL information available using a blind SQL Injection attack. Get SQLbftools. SQL Injection Brute-forcer […]