http://www.google.com/search?q=%22Warning%3A+mysql_num_rows%28%29%3A%22&num=100
This is lame and full of false positives. The stackoverflow one doesn't
even have a single parameter in the url!

Webapps hacking these days is mostly depressing: more of the same :(

For some real action, you can come here instead:
http://conference.hitb.org/hitbsecconf2011kul/?page_id=898

Thanks and regards,

endrazine-

On 09/30/11 15:38, Dave Aitel wrote:
> This came out last night - http://pastebin.com/LaKrWgXT. Lots of
> respectable sites in that (sourceforge/mysql/etc). I don't know if any
> of it is true, of course.
>
> """
>
> 1. http://sourceforge.net/apps/trac/gallery/timeline?from=2009-09-24T22%3A19%3A12Z%2B0000&precision=second' : SQLi Vulnerable
> 2.
> 3. http://www.love-shop.biz/b/166180/read' : SQLi Vulnerable
> 4.
> 5. http://stackoverflow.com/questions/3742239/php-mysql-error-warning-mysql-num-rows-expects-parameter-1-to-be-resource' : SQLi Vulnerable
> 6. (Be funny to change all the answers to every question to "Minimum
>    viable product". :>)
> 7.
>
> """
> -dave
>
> On 9/29/11 4:24 PM, Dave Aitel wrote:
>> The past of web hacking is here, it's just not evenly distributed. And
>> by that, I mean that you're going to find a lot of SQL Injection bugs
>> if in Google you do "inurl:.asp site:myclient.com".
>>
>> Of course, you would probably say that any site that CAN be hacked by
>> SQLi is probably already hacked with SQLi and the goal of any good
>> hacker in the world is to be places no one else can be, right? But,
>> it's likely that Blind SQLi is still under the radar, since it
>> normally takes SO LONG to exploit that even the automated worms get
>> bored and give up. :>
>>
>> BUT, one thing we're going to teach you in the Web Hacking class at
>> INFILTRATE <http://infiltratecon.com/training.html> is a new algorithm
>> that gets twice the performance of SQLMap on Blind SQLi. It's awesome.
>> You should come. :>
>>
>> -dave
>>
>> _______________________________________________
>> Dailydave mailing list
>> [email protected]
>> https://lists.immunityinc.com/mailman/listinfo/dailydave
