Simple SQL Injection Vulnerability Scanner 0.5 released

Today I am releasing version 0.5 of my Simple SQL Injection Vulnerability Scanner. [Download here] It contains all the features of the first released version, 0.3, and adds a column fuzzer. Simply start a scan with python sqli_scanner.py -u "target" and then start fuzzing with the parameter -fuzz […]

Joke Website Script SQL Injection and Cross-Site Scripting Vulnerabilities

Please view the original advisory here. The "Joke Website Script" is exposed to SQL Injection and Cross-Site Scripting attacks.
>> #1 SQL Injection
target/search.php?submit=Search&keyword=[SQLi]
>> #2 Cross-Site Scripting
target/search.php?submit=Search&keyword=[XSS]...

Lyrics Script SQL Injection and Cross-Site Scripting Vulnerabilities

Please view the original advisory here. The "Lyrics Script" suffers from various SQL Injection and Cross-Site Scripting vulnerabilities.
>> #1 SQL Injection
target/search_results.php?search=Search&k=[SQL Injection]
target/browse_artist.php?letter=[SQL Injection]
target/browse_song.php?letter=[SQL Injection]
>> #2 Cross-Site Scripting
target/search_results.php?search=Search&k=[XSS]...
Simple SQL Injection Vulnerability Scanner - sample output

Simple SQL Injection Vulnerability Scanner 0.3 released

Today I am releasing my Simple SQL Injection Vulnerability Scanner (version 0.3, not 1.0, since it does not have many features yet). [Download here] Description: The Simple SQL Injection Vulnerability Scanner helps you find SQL injection vulnerabilities in your website. Simply provide a URL and let the tool do all the work. Features: – Scan a […]
Joomla Component BF Quiz SQL Injection Exploit released

Today I am releasing my Joomla Component BF Quiz SQL Injection Exploit. It exploits a vulnerability in the Joomla component BF Quiz that I found a few hours ago. Please click here to download the Python sploit. Usage example: python joomla_com_bfquiz_sploit.py -u "http://target/index.php?option=com_bfquiztrial&view=bfquiztrial&catid=34" Features: – Check if the provided URL is reachable – Display current database, […]

Joomla Component BF Quiz SQL Injection Vulnerability

Please view the original advisory here. The Joomla Component BF Quiz fails to sanitize the input passed through the parameter "catid". Therefore the software is exposed to SQL injection attacks. I found this vulnerability while testing my new self-coded SQL injection vulnerability scanner (to be released soon). When I first had a look at this […]