Fully Automated MySQL 5 Boolean Enumeration Script

This script uses blind SQL injection and boolean enumeration to perform INFORMATION_SCHEMA Mapping. Syntax: perl mysql5enum.pl -h [hostname] -u [url] [-q [query]] Example: perl mysql5enum.pl -h www.target.tld -u http://www.target.tld/vuln.ext?input=24 -q “select system_user()” Description: – By default, this script will first determine username, version and database name before enumerating the information_schema information. – When the -q […]

Continue Reading

Groupon Leaks Entire Indian User Database

The entire user database of Groupon’s Indian subsidiary Sosasta.com was accidentally published to the Internet and indexed by Google. The database includes the e-mail addresses and clear-text passwords of the site’s 300,000 users. It was discovered by Australian security consultant Daniel Grzelak as he searched for publicly accessible databases containing e-mail address and password pairs. […]

Continue Reading