Symantec Online Store Hacked

Symantec Exposed Passwords, Serials – SQL Injection, Full Database Access

A self-proclaimed grey-hat hacker has located a critical SQL injection vulnerability in a website belonging to security giant Symantec. The flaw can be leveraged to extract a wealth of information from the database including customer and admin login credentials, product serial numbers, and possibly credit […]


mysqloit – SQL Injection Takeover Tool

MySqloit is a SQL injection takeover tool focused on LAMP (Linux, Apache, MySQL, PHP) and WAMP (Windows, Apache, MySQL, PHP) platforms. It has the ability to upload and execute Metasploit shellcodes through MySQL SQL injection vulnerabilities. Attackers performing SQL injection on a MySQL-PHP platform must deal with several limitations and constraints. For example, the lack of multiple statements […]


SQL Injection attacks compromised 500,000 sites in 2008

Breach Security has released its annual Web Hacking Incidents Database (WHID) report. The focus is on the massive SQL injection (SQLi) attacks seen online last year, and according to the data, more than 500,000 sites were compromised. The report states that SQLi attacks, with the aim of planting malware on a compromised site, were the […]


Fast-Track 4.0

Automated penetration suite for penetration testers. Author: David Kennedy, Partner, Practice Lead. Release: February 7, 2009 @ ShmooCon by SecureState. For those of you new to Fast-Track, Fast-Track is a Python-based open-source project aimed at helping penetration testers identify, exploit, and further penetrate a network. Fast-Track was originally conceived when […]
