Network Security Vuln-Dev

RE: Yet another SQL injection framework

Subject: RE: Yet another SQL injection framework
Date: Mon, 23 Apr 2007 16:03:39 -0400
The script simply hides or shows the link on the page which points to
sf.

http://sourceforge.net/projects/injection-fwk/

-----Original Message-----
From: Nick Boyce [mailto:nick.boyce@gmail.com] 
Sent: Friday, April 20, 2007 9:13 AM
To: bugtraq@securityfocus.com
Cc: Guillermo Marro
Subject: Re: Yet another SQL injection framework

On 4/19/07, Guillermo Marro <gmmarro@flowgate.net> wrote:

> FG-Injector is a free tool that leverages the pentester's work by
> facilitating the exploitation of SQL Injection vulnerabilities.
> [...]
> Get both, sources and a windows binary from:
> http://www.flowgate.net/?lang=en&seccion=herramientas

Um .. when I click on the link for "FG-Injector" at the above site
with my NoScript-enabled Firefox all I see is what looks like a server
log entry for my interaction :

aaa.bbb.ccc.ddd Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3 /injector

This is presumably because the actual links are infested with Javascript :

onClick="javascript:showStaff('injector')"

Since I'm following links in an email on a security mailing list I'm
disinclined to disable NoScript - any chance you can convert the links
into normal HREFs ?

I could go and grab your Javascript library and figure out what
'showStaff' does ... but I'd rather just click on an old-school link.

Cheers
Nick Boyce
-- 
I speak to all bloggers everywhere: just shut up for a second and let
me think, will you?
 -- blog comment at http://it-gears.blogspot.com/   :-)

