Security / Penetration Testing (Debian/Ubuntu) – Why Google Skipfish fails to be a top-class web vulnerability scanner

Some of you might have read my little tutorial about how to use Google Skipfish for web vulnerability scanning. While I was fascinated by the efficiency and speed of this application, I started to use it more often. Although manual testing can’t be replaced by a machine, web vulnerability scanners are still a helping hand. During […]

Mechbunny PaysiteReviewCMS Permanent XSS Vulnerabilities

Please view the original advisory/exploit here. The PaysiteReviewCMS from the vendor Mechbunny suffers from Permanent Cross-Site Scripting vulnerabilities. Additional comment: The script image.php is used to include images with specific parameters, such as the image width. This script might be affected by other vulnerabilities as well.

Joomla Component com_golfcourseguide SQL Injection Vulnerability

Please download/view the original advisory here. The Joomla component com_golfcourseguide fails to sanitize the user input and therefore suffers from a remote SQL injection vulnerability. Example URL: index.php?option=com_golfcourseguide&view=golfcourses&cid=1&id=[SQL Injection] Versions affected: v0.9.6.0 beta, v1 beta

Specialist Bed and Breakfast Website SQL Injection Exploit released

Today I am releasing my Specialist Bed and Breakfast Website SQL Injection Exploit (remote). [Download] Description: The Specialist Bed and Breakfast Website SQL Injection Exploit takes advantage of a SQL injection vulnerability JaMbA discovered on 30th June 2010. The exploit source code also contains the table structure of the vulnerable product. About the vulnerability: Learn […]

Simple SQL Injection Vulnerability Scanner 0.3 released

Today I am releasing my Simple SQL Injection Vulnerability Scanner (version 0.3, not 1.0, since it does not contain many features). [Download here] Description: The Simple SQL Injection Vulnerability Scanner helps you to find SQL injection vulnerabilities within your website. Simply provide a URL and let the tool do all the work. Features: – Scan a […]