Fully Automated MySQL 5 Boolean Enumeration Script

This script uses blind SQL injection and boolean enumeration to perform INFORMATION_SCHEMA mapping.

Syntax: perl mysql5enum.pl -h [hostname] -u [url] [-q [query]]

Example: perl mysql5enum.pl -h www.target.tld -u http://www.target.tld/vuln.ext?input=24 -q "select system_user()"

Description:
– By default, this script will first determine username, version and database name before enumerating the information_schema information.
– When the -q […]


RockYou Hacked – 32 Million Account Passwords Potentially Exposed

RockYou has suffered a serious hacker attack that has exposed 32 million of its customer usernames and passwords to possible identity theft. And it has apparently taken RockYou more than 10 days to inform its users of the breach. The security firm Imperva informed RockYou that its site had a serious SQL injection flaw, according […]


SQL Injection Attack Claims 132,000+

A large-scale SQL injection attack has injected a malicious iframe on tens of thousands of susceptible websites. ScanSafe reports that the injected iframe loads malicious content from 318x.com, which eventually leads to the installation of a rootkit-enabled variant of the Buzus backdoor trojan. A Google search on the iframe resulted in over 132,000 hits […]
