SQL Injection Columns Finder @ ISR

Iniciado por c0de.breaker, 8 Junio 2010, 00:00 AM

0 Miembros y 3 Visitantes están viendo este tema.

c0de.breaker

Screenshot:



More here: http://blog.insecurity.ro/sql-injection-column-finder-in-php-%C2%A9-isr/

Online Tool: http://insecurity.ro/columnsfinder.php

Source Code: http://www.teamwork.insecurity.ro/xfiles/%5BPHP%5D-ISR-SQL-Injection-Column-Finder---v1.0--Public-Version-.ISR


Website for testing: http://www.beckerturm-immobilien.de/images.php?id=134

Bonus: The result it's text + audio, you must listen this! :)))

You can use google translate, to understand romanian language! :D

tragantras

or you may do the same in order to speak de apropiate language
Colaboraciones:
1 2

c0de.breaker

Cita de: tragantras en  8 Junio 2010, 15:21 PM
or you may do the same in order to speak de apropiate language

I could speak in Romanian, but isn't a international language like English.
Everyone know this language.

The important thing, it's what I posted, not these things! :)

SpuTniK.

Very good tool, im going to use it now to see if it works.

You've done an incredible work.

Cheers!
Change Your Mind


Fran_Al

the webpage is infected by a troyan ;)

c0de.breaker

Cita de: Fran_Al en  8 Junio 2010, 17:09 PM
the webpage is infected by a troyan ;)

It's encrypted with base64, it's normally!
Decrypt the source, OMG! =))

daemien

Cita de: Fran_Al en  8 Junio 2010, 17:09 PM
the webpage is infected by a troyan ;)

This is a false positive ... your antivirus may see the source code encoded in base64 and gives the alert of a trojan or infected file.

You can decode it if you want to check it out.. and if you can find any suspicious code inside then you are MY MASTER.


Fran_Al


c0de.breaker

Cita de: Fran_Al en  8 Junio 2010, 23:16 PM
the webpage, not the program ;)

Yeah the webpage, where you saw a .exe? =))

daemien

"the program" is the web page : look for yourself
in Firefox: view-source:http://insecurity.ro/columnsfinder.php