MySQL SQL Injection Cheat Sheet

Sunday, April 6th, 2008

Some useful syntax reminders for SQL Injection into MySQL databases... This post is part of a series of SQL Injection Cheat Sheets.  In this series, I've endevoured to tabulate the data to make it easier to read and to use the same table for for each database backend.  This helps to ...

SQL query injection for dummies

Friday, March 28th, 2008

The purpose of this article is to help people without advanced computer knowledge to start white hacking and learn how to write more secure login web pages. When I started to learn about security, even though I searched really hard, I did not manage to find articles that would tell ...

Firefox Web Application Testing Tools

Monday, March 24th, 2008

Exploit-Me is a suite of Firefox web application security testing tools. Exploit-Me tools are designed to be lightweight and easy to use. Instead of using a proxy like many web application testing tools, Exploit-Me integrates directly with Firefox. It currently consists of two tools, one for XSS and one for ...

Click A Link, Go To Jail

Thursday, March 20th, 2008

Whelp, we’ve talked about it, but now it’s finally possible. CSRF can now cause jail time. The FBI has begun arresting people who click on links to supposed child pornography. Now, I understand the noble pursuit, but there’s a fairly huge flaw in the old logic. I can force users ...

Inguma 0.0.7.2 Released for Download – Penetration Testing Toolkit

Monday, March 17th, 2008

For those that don’t know, Inguma is an open source penetration testing and vulnerability research toolkit written completely in Python. The environment is mainly oriented to attack Oracle related systems but, anyway, it can be used against any other kind of systems. It’s becoming a mature and useful package! I’m glad ...