Updates: 14/05/07 Added link to new version

David Kierznowski of Operation n has discovered a serious flaw in the Akismet anti-spam plugin that comes by default with the latest version of WordPress (2.1.3). It has not been confirmed as yet, but I believe this will affect all versions of the plugin. The...

Related articles: SQL Injection Cheat Sheet

We sometimes carelessly throw characters up and about in an attempt to find a gem. This paper covers miscellaneous injection characters and their meanings when applied to web application testing.

Character(s) | Details
NULL or null | Often produces interesting error messages as the web application is expecting a value....

Related articles: Input Validation Cheat Sheet (Want to find other input validation problems?)

Table of Contents
- Generic - Bypass Authentication
- Microsoft SQL
- Sybase
- MySQL
- Oracle
- PostgreSQL
- DB2
- Ingres
- Bypass SQL Injection Filters
- References and Credits

ChangeLog

Date | Change
09/07/07 | DB2 Database SQL Injection Cheatsheet (Author: pentestmonkey.net)
09/07/07 | Ingres Database SQL Injection Cheatsheet (Author: pentestmonkey.net)
13/03/07 | Bypass SQL Injection Filters
03/01/06 | Added some more blind SQL injection tests for MySQL (Author: jungsonn)
21/12/06 | Added Concat...

Projects

WordPress Securify Plugin

WordPress Securify (WPSec) is a security plugin for WordPress. Every hour the tests specified within WPSec will be executed. A count of “warnings” is displayed in the top right of the WordPress Admin panel.

WordPress Securify ShellScript

This project has been split into two parts. The first was a...

Adobe Universal XSS

Discussion

In September pdp and I did some really fun work involving backdooring PDF files. It opened a lot of eyes and some back accounts in getting it fixed. Now Stefano Di Paola and Giorgio Fedon have found a way to perform universal XSS attacks on systems with Adobe Reader and...