Safe3 SQL Injector

Posted May 15th, 2010. Filed under Security Stuff

Safe3 SQL Injector is one of the most powerful penetration testing tools; it automates the process of detecting and exploiting SQL injection flaws and taking over back-end database servers.

Features:
Full support for GET/POST/Cookie injection
Full support for HTTP Basic, Digest, NTLM and Certificate authentication
Full support for MySQL, Oracle, PostgreSQL, MSSQL, Access, DB2, Sybase, SQLite
Full support for Error/Union/Blind/Force SQL injection
Support for file access, command execution, IP domain reverse, web path guess, MD5 crack, etc.
Super bypass WAF

Release Date:
2010-05-11

From here: http://sourceforge.net/projects/safe3si/
Download: http://sourceforge.net/projects/safe3si/files/Safe3SI.5.1.rar/download

Opinions?

Old projects

Posted May 13th, 2010. Filed under DotRO

A few days ago I was interested in old projects from the Romanian web. I figured I would see what people were doing a while back, and who was spending their time on what before there was Twitter.
I ended up at something that was a pretty decent project: http://prisonbreak.ro, a successful project from a few years ago. The project has been forgotten; people move on and forget old things (I'm not saying that as a bad thing). We all forget, it's human, it's normal.
OK, now to say why I'm writing about this: even though the project was a success, it had a small problem, the website had a vulnerability. It is SQL injection, one of the most used vulnerabilities of the last 2 years. OK, nothing new so far, given that there are hundreds or millions of websites with such problems, but the surprise comes from here:
$ host prisonbreak.ro
prisonbreak.ro has address 194.169.235.19
Does the IP sound familiar? Maybe I can help a little:
Domain Info :
Domain Name: prisonbreak.ro
Registrar: Nettissimo Rom SRL
Registration Date: 2007-09-11
Nameservers:
ns1.realitatea.net
ns2.realitatea.net
Domain Status: OK

Yes, prisonbreak.ro was a project of realitatea.net, or at least it was hosted there (I don't know exactly).
Because a while ago Cristi, or Piticu.ro, was very nice when I talked with him, I remembered that he works at Realitatea, so yesterday I sent an e-mail about the problem.
Exactly as I expected, "Piticu" answered very quickly and very nicely, and the problem was fixed on the spot.
I want to thank Cristi for the way he responded; if the rest of those I have reported problems to responded this way, things would be different.

PoC, so people don't say I'm talking nonsense:

PoC :
Vul: http://prisonbreak.ro/index.php?section=9
DB:
“INFORMATION_SCHEMA,
B24FUN,BB,
BVR_REALITATEA_NET
DRUPAL,
DUPABLOGURI,
FORUM_REALITATEA_NET,
LAPESCUITNET,
MYSQL,
PRISONBREAK,
VB_REALITATEA_NET”
etc.
Problem fixed.
Unfortunately, the HappyFish.ro problem still exists. See here: Happyfish.ro in danger
I hope that in the end someone fixes that problem too.

Do SQL injections turn you on? How about double SQL injections? If the answer is ‘yes’, then
1) Good luck with your dating life
2) Boy are you in some luck!

A new breed of security product called Seeker produces some vivid hacker pr0n in the form of a video (see above) of how it broke and exploited every nook and cranny of your unsecure code. Yes, I’m going to say it, Seeker might be the Seymore Butts of security products!

Kidding aside, Seeker seems to be packing pretty fearsome application security technology. The company behind it is an Israeli white hat hacking shop called Hacktics. These guys do work for startups, banks, telcos, governments, and homeland security agencies. Their team members hold very high security clearances due to their prior and current service records in the IDF (Israeli Defense Force). It’s safe to say these guys know a thing or two about application security.

Seeker was designed for use by individuals that are part of the development organization which do not necessarily possess security knowledge, or even deep technical knowledge. These can range from developers, to QA staff, to team leaders. It’s for this reason that Seeker points to real business threats rather than just technical issues.

This is where two particular product features stand out. Seeker produces screenshots (see below) that allow testers to see the vulnerabilities in the context of the actual application functionality they relate to, rather than getting just technical information based on URLs. The screenshots also contain screenshots showing how the application handled each attack.

The second stand-out feature is ‘Exploit Videos’. Seeker automatically creates a step-by-step exploit video for each vulnerability it identifies and exploits, making it easier for the developer to manually reproduce errors before and after fixing the code. Video is also quite an effective method for non-security users to understand the actual threats and potential exploits. Just imagine being able to show management or external developers such a video. Pretty effective stuff.

Seeker’s methodology is to perform runtime analysis of code executed in order to identify security flaws in the application. This is done by hooking into the process executing the application, and performing step-by-step analysis of the executed code. The attacks themselves are generated dynamically based on a ‘Smart Attack Tree,’ a long list of rules for mutating attacks based both on how the application reacts to them, and the actual application code.

The product supports an orgy of vulnerabilities, including: SQL injection, XML/XPath injection, directory traversal, cross-site scripting, parameter tampering, forceful browsing, malicious content upload, username/password enumeration, insecure redirects, source code disclosure, insecure storage of sensitive data (such as Credit cards, CVVs, SSNs), cookie poisoning and plenty more.

Currently supported are Java and .NET code analysis, using any database if no stored procedures are used. For stored procedures, Seeker supports Microsoft SQL and Oracle. PHP, as well as support for MySQL stored procedures, will be rolled out in a few months.

Seeker is currently headquartered in Israel, with $3M in funding under its belt.

More: http://techcrunch.com/2010/05/06/seeker/#ixzz0nEbEPJPK

SFX-SQLi (Select For XML SQL injection)

Posted April 6th, 2010. Filed under Security Stuff

SFX-SQLi (Select For XML SQL injection) is a new SQL injection technique that allows extracting all the information in a Microsoft SQL Server 2005/2008 database in an extremely fast and efficient way.

The technique is based on the FOR XML clause, which converts the content of a table into a single string, so that the contents can be appended to some field by injecting a subquery into a vulnerable input of a web application.

Paper : click
More information here: http://www.kachakil.com/papers/sfx-sqli-en.htm . Source code + binary + test.
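
A defensive sketch for the technique described above, added here as an example (it is not code from the paper or from the original post): the FOR XML clause has no place in client-supplied input, so web-server logs can be scanned for it after undoing nested URL encoding and inline SQL comments. The log lines, paths and table name below are constructed for illustration, and Common Log Format is an assumption.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# FOR XML modes accepted by SQL Server; requiring a mode avoids flagging plain prose.
FOR_XML = re.compile(r"\bfor\s+xml\s+(raw|auto|path|explicit)\b", re.I)
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)
# Common Log Format: client ident user [time] "METHOD target PROTO" status size
LOG_LINE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def normalise(value: str, max_rounds: int = 3) -> str:
    """Undo nested URL encoding, then replace inline SQL comments with a space."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return SQL_COMMENT.sub(" ", value)

def flag_for_xml(log_lines):
    """Return (client, path, mode) for each request whose query string carries FOR XML."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, _method, target, _status = m.groups()
        parts = urlsplit(target)
        found = FOR_XML.search(normalise(parts.query))
        if found:
            hits.append((client, parts.path, found.group(1).lower()))
    return hits

# Constructed sample lines: documentation addresses, hypothetical paths and table name.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Apr/2010:10:00:01 +0000] "GET /news.aspx?id=7 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [06/Apr/2010:10:00:09 +0000] "GET /news.aspx?id=(select+c+from+t+for+xml+raw) HTTP/1.1" 500 312',
    '192.0.2.44 - - [06/Apr/2010:10:00:12 +0000] "GET /news.aspx?id=7%2520FOR%252F%252A%252A%252FXML%2520PATH HTTP/1.1" 500 312',
    '192.0.2.51 - - [06/Apr/2010:10:01:30 +0000] "GET /search.aspx?q=books+for+xml+beginners HTTP/1.1" 200 8841',
]

if __name__ == "__main__":
    for hit in flag_for_xml(SAMPLE_LOG):
        print(hit)
```

A hit is a reason to look at the request and the code path behind it; the fix on the application side remains parameterized queries and a database account without read access to tables the page does not need.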
