Reading Log Files in Postgresql Sql Injection – Tutorial

Hey everyone,

So I guess it’s time to learn something juicy about Postgresql.
If you’re injecting a Website based on a Postgresql database then you might wanna check your privileges because this will simply allow you to use lots of interesting Postgresql Functions in case you could:
You can find most of these functions in here: http://www.postgresql.org/docs/9.4/static/functions-admin.html

What we will be covering in this Tutorial is related to reading Log/Config Files, so lets just get started.
Continue reading “Reading Log Files in Postgresql Sql Injection – Tutorial”

Reading Files in MsSql Injection – Tutorial

Hey guys,

Okay, today we’re going to read files just the way we do it in MySql Injection using LOAD_FILE but in MsSql Injection using OPENROWSET. This is simple but very effective and it’s something that wasn’t shared before so lets just get started.
Continue reading “Reading Files in MsSql Injection – Tutorial”

Tortilla – TOR… ALL THE THINGS – Tutorial

This Tutorial is about the Usage of Tortilla with Tor and How to Bypass All The Problems and Errors people are Facing with Tortilla.
Picture:
wirfFFT

Hello,

TOR > VPNs and Proxies so whatever. Enough said, now lets get started.

Continue reading “Tortilla – TOR… ALL THE THINGS – Tutorial”

Blind Postgresql Sql Injection – Tutorial

Hello everyone,
I just realized that there is no Advanced Postgresql Blind Sql Injection  around the Internet and that’s why I decided to make this.
There’s a lot to learn, it took me some time to get things working just fine.
We have a live target: http://www.must.edu.eg/Reports/College_TT.php?College_Id=7

This tutorial consists on letting you know everything you have to know about Postgresql Sql Injection and much more when it comes to Blind Postgresql Sql Injection.
I tried to Sql Inject this target using Popular tools such as Havij and Sqlmap but they failed while CppSqlInjector succeeded.
Take your time to read, it’s kind of confusing if you’re not familiar with Postgresql but I did add a lot of information in here that should be really useful to everyone.
Continue reading “Blind Postgresql Sql Injection – Tutorial”

AVG Hacked – Blind Sql Injection – Vulnerability Fixed – Explained

Hello everyone,

Apparently, 3 weeks ago or so, I found a Critical Vulnerability in AVG’s official website; A Blind Sql Injection.

The Vulnerability has been reported and got fixed as far as I know and here’s some info about it:
Continue reading “AVG Hacked – Blind Sql Injection – Vulnerability Fixed – Explained”

NTP Amplification DoS Attack – by dotcppfile and Red Dragon (Python Script)

Hello everyone,

Red Dragon and I have been working on this for a while and here it is, a working NTP Amplification DoS Attack Python Script that is well tied up and that works perfectly. It has been tested on Linux only. There’s 2 versions; the official one works with python 2.x and the second one was Tweaked by Tea, a close friend and a member of Team Prophetic, and it should work with python 3.x.
Continue reading “NTP Amplification DoS Attack – by dotcppfile and Red Dragon (Python Script)”

Vulnerability in ESET’s Forms – Explained and Revealed

Hello everyone,

So I’ve been checking ESET’s Official Website and I came across something really interesting related to some of their Forms such as:
http://www.eset.com/us/business/contact/
http://www.eset.com/me/support/contact/
http://www.eset.com/int/support/contact/
http://www.eset.com/kh/about/contact/
http://www.eset.com/ci/acheter/formulaire-de-contact/
https://store.esetme.com/ (What’s in it)

These forms have no Email Checker, IP Checker or Captcha, which means that anyone have the capability of using them over and over again and the problem is that ESET’s Automatic Replier will send a Message straight to your inbox whenever you use one of these Forms.
So, I have decided to write a simple script in Python that uses one of these forms threw a Loop which will, literally, transform ESET’s Mail Server to a “Mail Bombing Tool”.
There’s only one requirement for this Script and that would be the victim’s email address.
Continue reading “Vulnerability in ESET’s Forms – Explained and Revealed”

ESET’s Mail Bomber

Hey everyone,
Well I just found a simple vulnerability in ESET’s Official Website which allows anyone to use their Servers as a Mail Bombing tool that is actually Really Fast and that Bypasses Junk Mail.
Check this out if you’re looking for more info about this Vulnerability: https://dotcppfile.wordpress.com/2014/06/25/vulnerability-in-esets-forms-explained-and-revealed/

 

Continue reading “ESET’s Mail Bomber”

Design a site like this with WordPress.com
Get started