Zero-Day Attack Compromises a Half-Million Web Forum Accounts

Wednesday, November 4th, 2015

Forum software-makers vBulletin and Foxit Software may have been breached by a hacker claiming to have made off with personal data belonging to some 479,895 users between the two. “Coldzer0” said in a post co-authored with @Cyber_War_News that he exploited the same zero-day vulnerability for both domains, and was able to ...

Yahoo logins hacked and leaked

Thursday, July 12th, 2012

A hacker group called D33D is claiming to have accessed more than 453,000 logins from Yahoo. The group says it used a union-based SQL injection to access an unidentified Yahoo service to retrieve the data, which it says was unencrypted, and has posted it online. "We hope that ...

Scrawlr – Tool for finding SQL Injection

Wednesday, October 28th, 2009

Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr is lightning fast and uses our intelligent engine technology ...

‘Ardilla’ Automatically Roots Out SQL Injection And XSS, Generates Attacks

Thursday, June 18th, 2009

Researchers have built a tool that automatically finds and exploits SQL injection and cross-site scripting vulnerabilities in Web applications. The so-called Ardilla tool uses a technique developed by the researchers -- MIT's Adam Kiezun, the University of Washington's Michael Ernst, Stanford's Philip Guo, and Syracuse University's Karthick Jayaraman -- that creates ...

Six Steps to Stop SQL Injections

Monday, June 8th, 2009

According to IBM ISS X-Force findings, SQL injections last year became the most common Web-based attack technique. Hackers are successful with these attacks largely due to poor coding practices. The following are six ways organizations can start to mitigate the risk from SQL injections. Slideshow: http://www.baselinemag.com/c/a/IT-Management/Six-Steps-to-Stop-SQL-Injections-129263/