Posts Tagged ‘SQL Injection’

jsql-injection – Java based Automatic SQL Injection Tool

Today almost all programming languages support working with databases, which means that in a penetration test you will need several tools to test the targeted platform. If you want to pentest a Java-based platform, you can consider jSQL. jSQL Injection is a small open source cross-platform application that can be used to run Java based [...]

OWASP published 2013 Top 10 Vulnerabilities

The Open Web Application Security Project (OWASP) has published the top 10 most dangerous vulnerabilities in web applications for 2013. This release aims to raise awareness about application security by identifying some of the most critical risks facing organizations. The OWASP Top 10 for 2013 is based on 8 datasets from 7 firms that specialize in [...]

SQL Injection in Joomla! com_estateagent

Joomla, as always, is providing penetration testers with new vulnerabilities that allow hackers to take control of the system. This time a new exploit has been released for the (com_estateagent) component that can be used to conduct SQL injection on a vulnerable web server. By checking on Google we can find more than 2 million websites that [...]

Multiple Vulnerabilities on CBS Website

CBS (cbs.com) is a popular media website that has been found open to about 17 blind SQL injection vulnerabilities, in addition to several cross-site scripting (XSS) vulnerabilities that put website users at risk. D35m0nd142 posted his findings on Pastebin with images of the vulnerable URLs. To detect those vulnerabilities D35m0nd142 used Acunetix, one of the widely known programs [...]

New zero-day Joomla exploit in the wild

A new SQL injection exploit has been published targeting the Joomla CMS. The Red Security TEAM has made the exploit available; it allows retrieving the database name or listing all table names, as well as the database users' logins and different user passwords. The vulnerability exists in the discussion component of Joomla (com_discussions) that exists by [...]

Anonymous Defaces Steals and Posts BART User Data

Hacktivist group Anonymous has hacked into myBART.org website belonging to San Francisco’s BART (Bay Area Rapid Transit) system. The attack was an SQL injection against the site and was able to extract more than 2,000 records containing names, usernames, passwords (plain text), emails, phone numbers, addresses and zip codes. The website has been running a [...]

Blind SQL Injection in Joomla! com_virtuemart <= v1.1.7

Once again Joomla provides us with a new vulnerability in one of its components. This time the vulnerability exists in VirtueMart, which is an open source e-commerce solution that can be used together with the Joomla Content Management System (CMS). Steven Seeley & Rocco Calvi from startsec detected the possibility of blind SQL injection in [...]
