Re: Yet another SQL injection framework

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Yet another SQL injection framework
From: "Nick Boyce" <nick.boyce@xxxxxxxxx>
Date: Fri, 20 Apr 2007 14:12:32 +0100
Cc: "Guillermo Marro" <gmmarro@xxxxxxxxxxxx>
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=IQwnbtTHEUi4II3DI9fBJmzsQ036ofSzxa9KeFtrAtrI6AjbGzFsQFR394JAHTexULWbIrDsJPYoBPvRU2X+JDeZQYFdfxLcnWp26nUvJszv83r53MSad3+oAgrJBJACKmfvDwhPbjNlCd7w9sDIOVUimlchAQOKGI17CuHYUMo=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=m+bDhW9EA3AYhkvh0lJZQK6t+7Ho83Qz15ODLy3aat25G9NtuIznq7T4/5MCaHGBLPiEXAnF38DrdJCisrOpbuRcy+mYSKYEiJXlnfnQbpTzf6CStNwovOFGwIKkqiX0alHizF8wvZWw80OqIei4V2Z1mkht9TZ7OxLQIPsy//E=
In-reply-to: <1177008266.5628.29.camel@bilom>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <1177008266.5628.29.camel@bilom>

On 4/19/07, Guillermo Marro <gmmarro@xxxxxxxxxxxx> wrote:

FG-Injector is a free tool that leverages the pentester's work by
facilitating the exploitation of SQL Injection vulnerabilities.

[...]

Get both, sources and a windows binary from:
http://www.flowgate.net/?lang=en&seccion=herramientas


Um .. when I click on the link for "FG-Injector" at the above site
with my NoScript-enabled Firefox all I see is what looks like a server
log entry for my interaction :

aaa.bbb.ccc.ddd Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3 /injector

This is presumably because the actual links are infested with Javascript :

onClick="javascript:showStaff('injector')"

Since I'm following links in an email on a security mailing list I'm
disinclined to disable NoScript - any chance you can convert the links
into normal HREFs ?

I could go and grab your Javascript library and figure out what
'showStaff' does ... but I'd rather just click on an old-school link.

Cheers
Nick Boyce
--
I speak to all bloggers everywhere: just shut up for a second and let
me think, will you?
-- blog comment at http://it-gears.blogspot.com/   :-)

Follow-Ups:
- RE: Yet another SQL injection framework
  - From: Greg Merideth

References:
- Yet another SQL injection framework
  - From: Guillermo Marro

Prev by Date: Eba News Version : v1.1 <= (webpages.php) Remote File Include // starhack.org
Next by Date: TSLSA-2007-0013 - multi
Previous by thread: Re: Yet another SQL injection framework (file corruption)
Next by thread: RE: Yet another SQL injection framework
Index(es):
- Date
- Thread