WebApp Sec mailing list archives
Re: Yet another SQL injection framework (file corruption)
From: Guillermo Marro <gmmarro () flowgate net>
Date: Fri, 20 Apr 2007 08:56:29 -0300
For some reason files were corrupted during the upload process. Now the correct archive is in place, together with a md5 sum of it. Apologies for the 'noise'. -G On Thu, 2007-04-19 at 15:44 -0300, Guillermo Marro wrote:
Hi List, FG-Injector is a free tool that leverages the pentester's work by facilitating the exploitation of SQL Injection vulnerabilities. It includes a a powerful proxy feature for intercepting and modifying HTTP requests, a network spy module to allow the analyst view HTTP requests and their corresponding responses and an inference engine for automating SQL injection exploitation. The Inference Engine Module of the FG-Injector Framework automates the generation and injection of SQL statements needed for exploitation of a Blind SQL Injection. This module will work also for regular injections using the same method. It can produce blind injections on web/app servers using MS SQL Server, MySQL, and PostgresSql DBMSs. Get both, sources and a windows binary from: http://www.flowgate.net/?lang=en&seccion=herramientas -G
-- ........................................... Guillermo Marro F L O W G A T E Consulting Maipu 778 - piso 1 - of 10 Rosario - 2000 Argentina TEL: +54-341-4112511 FAX: +54-341-5291067 PGP: http://www.flowgate.net/PK/GM_FG.pub ------------------------------------------------------------------------- Sponsored by: Watchfire Cross-Site Scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into web applications today. This whitepaper will discuss how traditional XSS attacks are performed, how to secure your site against these attacks and check if your site is protected. Cross-Site Scripting Explained - Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHA --------------------------------------------------------------------------
Current thread:
- Yet another SQL injection framework Guillermo Marro (Apr 19)
- Re: Yet another SQL injection framework (file corruption) Guillermo Marro (Apr 20)