BSQLinjector is an easy to use Blind SQL Injection tool in Ruby, that uses blind methods to retrieve data from SQL databases. The download is below. The author recommends using the “–test” switch to clearly see how configured payload looks like before sending it to an application. What is Blind SQL Injection? Blind SQL Injection […]
jSQL is an automatic SQL Injection tool written in Java, it’s lightweight and supports 23 kinds of database. It is free, open source and cross-platform (Windows, Linux, Mac OS X) and is easily available in Kali, Pentest Box, Parrot Security OS, ArchStrike or BlackArch Linux. Features Automatic injection of 23 kinds of databases: Access CockroachDB […]
BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has […]
So it turns out the TalkTalk hack is a lot more serious than they initially tried to make it out to be, TalkTalk claimed that it’s core system wasn’t compromised and only the website was breached. But now they’ve admitted the hackers got away with bank account numbers, partial credit card numbers and dates of […]
WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques. In each lesson, users must demonstrate their understanding of a […]
So this story caught my eye and I found it pretty interesting as it reads like something out of a Tom Clancy novel crossed with a bunch of script kiddies, a Navy Sys Admin has been charged with conspiracy to hack – the interesting part was that he hacked the Navy (whilst working there..) and […]
