Here is a script to automate testing of webmail systems for cross-site scripting. It uses XSS Cheat Sheet to generate the injection strings. Compared to the previous version this version downloads XSS cheat sheet on the fly (instead of having it hard-coded) and supports SMTP authentication. Name: excess2 – A script for testing webmail systems […]
Continue ReadingSymantec Exposed Passwords, Serials – SQL Injection, Full Database Access A self-proclaimed grey-hat hacker has located a critical SQL injection vulnerability in a website belonging to security giant Symantec. The flaw can be leveraged to extract a wealth of information from the database including customer and admin login credentials, product serial numbers, and possibly credit […]
Continue ReadingTopic: WordPress
Continue ReadingAutomated penetration suite for penetration testers. Author: David Kennedy, Partner, Practice Lead Release: February 7, 2009 @ ShmooCon by SecureState For those of you new to Fast-Track, Fast-Track is a python based open-source project aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network. Fast-Track was originally conceived when […]
Continue ReadingBSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database. It ships with Automated Attack modules which allows the dumping of whole databases for the following DBMS: * MS-SQL Server * ORACLE * MySQL (experimental) Attack Templates for : * MS Access * MySQL * […]
Continue Reading