Date: Wed, 22 Jun 2005 14:43:03 +0100
From: "Dave Korn" <davek_throwaway@...mail.com>
To: nessus@...t.nessus.org
Cc: pen-test@...urityfocus.com, bugtraq@...urityfocus.com
Subject: Re: how to exploit SQL INJECTION?


----Original Message----
>From: Pablo Escobar
>Message-Id: fce05b5e0506211406bd92508@...l.gmail.com

> Hello people, I made in my network website server with SQL with
> vulnerabilities to learn how to exploit it, I searched in Google and I
> tried but don't work, the report of the Nessus is:
>
>
> The following URLs seem to be vulnerable to various SQL injection
> techniques :
>
> /resources/expand_subject.asp?id='UNION'
> /resources/expand_subject.asp?id='

 [...snip!...]

> /resources/expand_subject.asp?id=') or ('a'='a
>
> now, how can I exploit it? somebody can guide me plz? thank you very
> much, good luck.

  Fascinating.  This appears to be a *very* precisely-targeted request:
according to Google, there are only three websites on the entire web that
use the software you're trying to exploit.

  As if by an astonishing coincidence, they're all Zionist-related sites, so
I suppose must be considered politically controversial.

  And you did make a post to the hackresi list back at the start of May
claiming to be an Israeli libertarian-communist with anarcho-Kropotkinist
leanings and wanting to make contact with other hacktivists.

  Are you planning a skiddie-style defacement spree?  Can we all watch as
you get busted because you've left your fingerprints all over it before you
even get started?

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....



_______________________________________________
Nessus mailing list
Nessus@...t.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

