sqlget is a blind SQL injection tool developed in Perl, it lets you get databases schemas and tables rows. Using a single GET/POST you can access quietly the database structure and using a single GET/POST you can dump every table row to a csv-like file. Databases supported: IBM DB2 Microsoft SQL Server Oracle Postgres Mysql […]
Apparently 8/10 High Traffic or ‘Big’ Websites are Vulnerable
[ad] It seems after a brief scan that about 80% of sites contain common flaws that allows them to be compromised in some way, most often to create phishing sites, steal data and hijack info about clients. An amazing 30% contain a serious vulnerability. Eight out of ten Web sites contain common flaws that can […]
Proxmon – Proxy Log Monitoring Tool
[ad] ProxMon is an extensible Python based framework that reduces testing effort, improves consistency and reduces errors. Its use requires limited additional effort as it processes the proxy logs that you’re already generating and reports discovered issues. In addition to penetration testing, ProxMon is useful in QA, developer testing and regression testing scenarios. Formerly announced […]
Trojan Mimicks Windows Activation Interface – KardPhisher
[ad] Recently a new Trojan popped up that mimics the Windows activation interface, phishing for credit card details and even the PIN number. The Trojan itself isn’t particularly advanced technically, it’s mostly just a social engineering attack. Symantec is reporting on a Trojan horse that mimics the Windows activation interface. What they are calling Trojan.Kardphisher […]
Selenium – JavaScript Web Application Security Testing Tool
[ad] Selenium is a test tool for web applications. Selenium tests run directly in a browser, just as real users do. And they run in Internet Explorer, Mozilla and Firefox on Windows, Linux, and Macintosh. No other test tool covers such a wide array of platforms. Browser compatibility testing. Test your application to see if […]