본문 바로가기

모의해킹 (WAPT)179

OWASP Top 10 - 2010 (New) OWASP (Open Web Application Security Project) Top 10 2010. 1. 7.
Web Application Security Scanner List The following list of products and tools provide web application security scanner functionality. Note that the tools on this list are not being endorsed by the Web Application Security Consortium - any tool that provides web application security scanning functionality will be listed here. If you know of a tool that should be added to this list, please contact Brian Shura at bshura73@gmail.com. C.. 2009. 12. 16.
Black Day to Kaspersky, vulnerable again, again exposes users and serial data It is known by many as February 7, 2009 I found a SQL Injection vulnerability in Kaspersky USA . When security sites and databases Kaspersky has been audited by an uber specialist, David Litchfield . But it seems that the story of vulnerabilities continue … This time parameter is vulnerable on a page in Malaysia and in Singapore . The vulnerability affects all databases in Southeast Asia. “ Kasp.. 2009. 12. 15.
SQL Error Base SQL Injection 1. NASA Full-Disclosure! AGAIN #Important Ok. First of all, I want to say I made this SQLi public(even though I didn’t wanted to do this), because I saw that somebody else found the vulnerable parameter. I found this SQLi 3 months ago… #Why I test websites ? Because this is my hobby and I want to prove that even big websites which should be very secure, can be hacked, and this is true and sad at.. 2009. 12. 11.
SQL Injection Tool - Pangolin v2.0.3 중국에서 만들었고 가장 많이(?) 사용하는 SQL-Injection 공격 or 보안점검 툴이다. 이번 버전부터는 한글메뉴도 지원되네~ 버전업 되면서 추가&강호된 기능은 다음과 같다. 1. 유니코드 지원 2. 쿠키인젝션 지원 3. MSSQL2005 지원 4. 다국어 및 테마 이 버전은 상용버전이 아닌 프리버전이다. 세션을 직접 설정해줄수도 잇으며 블라인드 sql injection이라서 느리긴해도 정확하다~ 파라미터 역시 설정에 의해서 바꾸어가면서 테스트 해준다 구분 무료 판 표준판 전문 판 기업 판 Access YES YES YES YES DB2 NO NO YES YES Informix NO NO YES YES MSSQL 2000 with Error YES YES YES YES MSSQL 2000 Blin.. 2009. 12. 7.
728x90