We’ve been following sqlmap since it first came out in February 2007 and it’s been quite some time since the last update, sqlmap 0.6.3, in December 2008. For those not familiar with the tool, sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL […]
sql-injection
bsqlbf v2.3 Released – Blind SQL Injection Brute Forcing Tool
This Perl script allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections. We reported bsqlbf when it first hit the net back in April 2006 with bsqlbf v1.1, then the v2.0 update in June 2008. […]
Acunetix Web Vulnerability Scanner (WVS) 6.5 Released
You may remember a while back we did a Review of Acunetix Web Vulnerability Scanner 6 – the very full-featured web vulnerability scanning software. Well, the latest version has been released recently with some updates, bug fixes and improvements on the web application security front. I’m hoping to try out the AcuSensor on […]
Massive Malware Outbreak Infects 30,000 Websites
This looks like a fairly complex infection mechanism combining exploiting websites, injecting JavaScript code, then attempted exploitation of host machines and, failing that, prompting a download for some fake malware. The way they have it all set up is pretty clever too, hiding behind common technologies so their infections don’t look out of place. An […]
Pangolin – Automatic SQL Injection Tool
Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management […]