[Full-disclosure] WebRaider [TOOL]

2010-03-02 Thread Ferruh Mavituna
/fmavituna/one-click-ownage-ferruh-mavituna-3 It's licensed under GPLv3 and all the source code is in the Google Code SVN. Source code includes all the required files to create your own payload for manually using One Click Ownage attack as well. More information about the tool, source code

[Full-disclosure] One Click Ownage [White Paper and Scripts]

2009-07-03 Thread Ferruh Mavituna
This is a different and more practical approach to get a reverse shell or code execution in SQL Injections (particularly in MSSQL). The idea is simple. Getting a reverse shell from an SQL Injection with one HTTP request without using an extra channel such as TFTP, FTP to upload the initial

[Full-disclosure] BSQL Hacker 0.9.0.7 - Advanced SQL Injection Framework / Tool

2008-08-20 Thread Ferruh Mavituna
-hacker/https://labs.portcullis.co.uk/application/bsql-hacker/ *Injection Wizard Video: *http://www.vimeo.com/1536040?pg=embedsec=1536040 -- Ferruh Mavituna http://ferruh.mavituna.com ___ Full-Disclosure - We believe in it. Charter: http

[Full-disclosure] Deep Blind SQL Injection Whitepaper

2008-08-19 Thread Ferruh Mavituna
(compared to normal Blind SQL Injection), requiring two rather than six requests to retrieve each char. * *Download: *https://labs.portcullis.co.uk/download/Deep_Blind_SQL_Injection.pdf Regards, -- Ferruh Mavituna http://ferruh.mavituna.com ___ Full

Re: [Full-disclosure] Deep Blind SQL Injection Whitepaper

2008-08-19 Thread Ferruh Mavituna
of Next Generation Security Software Ltd. Registered office address: 52 Throwley Way, Sutton, SM1 4BF with Company Number 04225835 and VAT Number 783096402 -- Ferruh Mavituna http://ferruh.mavituna.com ___ Full-Disclosure - We believe in it. Charter

[Full-disclosure] Diigo Toolbar - Global XSS and Information Leakage in SSL URLs

2008-06-20 Thread Ferruh Mavituna
. == Disclosure Timeline == * 9 May 2008 - Vendor Informed, Couple of mail exchanged and I tried to explain why this is bad, it didn't work. * 12 May 2008 - Ask for an update, No response. * 20 June 2008 - Public Release -- Ferruh Mavituna http://ferruh.mavituna.com

[Full-disclosure] DoS attacks using SQL Wildcards

2008-05-19 Thread Ferruh Mavituna
and detailed analysis in the paper which explains and shows the impact of this attack. Regards, -- Ferruh Mavituna ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http

[Full-disclosure] DoS attacks using SQL Wildcards

2008-05-19 Thread Ferruh Mavituna
and detailed analysis in the paper which explains and shows the impact of this attack. Regards, -- Ferruh Mavituna ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http

[Full-disclosure] XSS Tunnelling White Paper and Tool

2007-07-11 Thread Ferruh Mavituna
://ferruh.mavituna.com/blogs/xsstunnelling-video.zip Video shows to exploit a permanent XSS in wordpress and bypass Basic Auth on the fly by XSS Tunnel. Regards, -- Ferruh Mavituna http://ferruh.mavituna.com ___ Full-Disclosure - We believe in it. Charter