This came out last night - http://pastebin.com/LaKrWgXT. Lots of respectable sites in that (sourceforge/mysql/etc). I don't know if any of it is true, of course.
"""
1.
http://sourceforge.net/apps/trac/gallery/timeline?from=2009-09-24T22%3A19%3A12Z%2B0000&precision=second'
: SQLi Vulnerable
2.
3.
http://www.love-shop.biz/b/166180/read' : SQLi Vulnerable
4.
5.
http://stackoverflow.com/questions/3742239/php-mysql-error-warning-mysql-num-rows-expects-parameter-1-to-be-resource'
: SQLi Vulnerable
6. (Be funny to change all the answers to every question to "Minimum
viable product". :>)
7.
"""
-dave
On 9/29/11 4:24 PM, Dave Aitel wrote:
> The past of web hacking is here, it's just not evenly distributed. And
> by that, I mean that you're going to find a lot of SQL Injection bugs
> if in Google you do "inurl:.asp site:myclient.com".
>
> Of course, you would probably say that any site that CAN be hacked by
> SQLi is probably already hacked with SQLi and the goal of any good
> hacker in the world is to be places no one else can be, right? But,
> it's likely that Blind SQLi is still under the radar, since it
> normally takes SO LONG to exploit that even the automated worms get
> bored and give up. :>
>
> BUT, one thing we're going to teach you in the Web Hacking class at
> INFILTRATE <http://infiltratecon.com/training.html> is a new algorithm
> that gets twice the performance of SQLMap on Blind SQLi. It's awesome.
> You should come. :>
>
> -dave
>
>
>
> _______________________________________________
> Dailydave mailing list
> [email protected]
> https://lists.immunityinc.com/mailman/listinfo/dailydave
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
