SQL Injection Columns Finder @ ISR

[c0de.breaker]

Screenshot:



More here: http://blog.insecurity.ro/sql-injection-column-finder-in-php-%C2%A9-isr/

Online Tool: http://insecurity.ro/columnsfinder.php

Source Code: http://www.teamwork.insecurity.ro/xfiles/%5BPHP%5D-ISR-SQL-Injection-Column-Finder---v1.0--Public-Version-.ISR


Website for testing: http://www.beckerturm-immobilien.de/images.php?id=134

Bonus: The result it's text + audio, you must listen this! ))

You can use google translate, to understand romanian language!

[tragantras]

or you may do the same in order to speak de apropiate language

[c0de.breaker]

or you may do the same in order to speak de apropiate language

I could speak in Romanian, but isn't a international language like English.
Everyone know this language.

The important thing, it's what I posted, not these things!

[SpuTniK.]

Very good tool, im going to use it now to see if it works.

You've done an incredible work.

Cheers!

[Fran_Al]

the webpage is infected by a troyan

[c0de.breaker]

the webpage is infected by a troyan

It's encrypted with base64, it's normally!
Decrypt the source, OMG! =))

[daemien]

the webpage is infected by a troyan

This is a false positive ... your antivirus may see the source code encoded in base64 and gives the alert of a trojan or infected file.

You can decode it if you want to check it out.. and if you can find any suspicious code inside then you are MY MASTER.

[Fran_Al]

the webpage, not the program

[c0de.breaker]

the webpage, not the program

Yeah the webpage, where you saw a .exe? =))

[daemien]

"the program" is the web page : look for yourself
in Firefox: view-source:http://insecurity.ro/columnsfinder.php