Archive for November, 2006

MD’s SQL Injection Cheat Sheet

Ever perform a web application test, come across an SQL Injection issue… then what? I have started compiling an SQL Injection cheat sheet. The paper currently covers the areas listed below (table of contents). I hope this will be useful to you.

Table of contents:
Generic - Bypass Authentication
Microsoft SQL
MySQL
Oracle
PostgreSQL
References and Credits

Additional payload submissions welcome.
The paper can be found here.
The direct link is: http://michaeldaw.org/sql-injection-cheat-sheet/

JSScanner v1.0b released

JSScanner can now scan hosts using three techniques:
1. JSWebPing - Using IFrame technique
2. JSWebScript - Using Cross Site JavaScript technique
3. JSWebImage - Using Cross Site Imaging technique

Major changes:
+ Added JSWebImage Type Scanning.
+ Included HTML example into project for easy playing.

The latest version of JavaScript Network Scanner can be found at the following URL:
http://michaeldaw.org/projects/jsscanner/

Note: This is still BETA. I hope to add port scanning capabilities shortly.
