On Fri, Sep 30, 2011 at 06:11:28PM +0200, Jonathan Brossard spake thusly:
> This is lame and full of false positives. The stackoverflow one doesn't
> even have a single parameter in the url !

It could be a POST or cookie parameter. I am constantly amazed at the very many ways sqli can be implemented. It is impossible to say just from a list of URLs that there isn't any sqli.

> >> Of course, you would probably say that any site that CAN be hacked by
> >> SQLi is probably already hacked with SQLi and the goal of any good
> >> hacker in the world is to be places no one else can be, right? But,
> >> it's likely that Blind SQLi is still under the radar, since it
> >> normally takes SO LONG to exploit that even the automated worms get
> >> bored and give up. :>

I have recently run into situations where plenty of very interesting data can be obtained in a matter of hours (or a few days) getting data out a bit at a time using blind sqli. I have benchmarked blind sqli at 1MB in 4 days which means only 4 days to pull 65,000 credit card numbers. That would be worth the wait. :)

--
Tracy Reed
_______________________________________________
Dailydave mailing list
https://lists.immunityinc.com/mailman/listinfo/dailydave
