Tuesday, April 15, 2008

SQLZoo - Your one stop for SQL

How many times have you been in the middle of a SQL injection and had doubts, or couldn't remember how a query is written for a specific database engine? Or you don't want to start a VMware machine just to try one query, so you start googling for an answer. There is a great website for exactly this kind of need called SQLzoo: it has plenty of examples of every type of query for the different database engines, and best of all, you can execute the queries right there and check that they are correct.

Another great resource is the reference section, where you can find how to obtain Metadata and how to run queries about Functions, Selects and Users for each of the different database engines.

There is also a SQL Injection area where you can try some injections against a vulnerable system.
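As an added example (not from SQLzoo or the original post), the script below ties the two points above together: it builds a constructed in-memory SQLite database, shows a string-built lookup that is injectable, uses the injection to pull the engine's metadata table (SQLite's sqlite_master, the counterpart of information_schema.tables on MySQL/PostgreSQL/MSSQL and all_tables on Oracle) and then a real table, and contrasts it with the parameterized version. Table names, rows and the hash value are all made up for the example.

```python
import sqlite3


def make_db():
    """Constructed sample database for the demo (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pw_hash TEXT);
        INSERT INTO products VALUES (1, 'widget', 9.99), (2, 'gadget', 19.99);
        -- pw_hash is a constructed value, not a leaked credential
        INSERT INTO users VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99');
    """)
    return conn


def lookup_vulnerable(conn, name):
    # Classic mistake: user input is spliced into the SQL text, so a quote
    # in 'name' ends the string literal and the rest is parsed as SQL.
    sql = f"SELECT name, price FROM products WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # Parameterized query: the driver hands 'name' to the engine as data,
    # so quotes, UNION and comment markers in it never reach the parser.
    return conn.execute(
        "SELECT name, price FROM products WHERE name = ?", (name,)
    ).fetchall()


# Payloads for a UNION-based injection. The SELECT in the payload must
# return the same number of columns as the original (two here).
#
# Engine-specific details you would look up for another backend:
#   metadata table : sqlite_master (SQLite), information_schema.tables
#                    (MySQL / PostgreSQL / MSSQL), all_tables (Oracle)
#   line comment   : '--' everywhere; MySQL needs '-- ' (trailing space) or '#'
#   bare SELECT    : Oracle requires 'FROM dual', the others do not
SCHEMA_DUMP = "' UNION SELECT name, sql FROM sqlite_master WHERE type='table'--"
USERS_DUMP = "' UNION SELECT username, pw_hash FROM users--"


def demo():
    """Run the vulnerable and safe lookups with the same inputs."""
    conn = make_db()
    return {
        "normal": lookup_vulnerable(conn, "widget"),
        # Step 1: enumerate tables and their CREATE statements via metadata
        "schema_via_injection": lookup_vulnerable(conn, SCHEMA_DUMP),
        # Step 2: with the table name known, dump its contents
        "users_via_injection": lookup_vulnerable(conn, USERS_DUMP),
        # The same payload against the parameterized query matches nothing
        "users_via_safe_lookup": lookup_safe(conn, USERS_DUMP),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The schema dump is the step people usually reach for a reference site: the payload is the same shape on every engine, but the metadata table, the comment marker and whether a bare SELECT is allowed all change with the backend.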

There are many more interesting things related to SQL on the site; check it out here: SQLzoo


Wednesday, April 2, 2008

Pwn to Own

At the CanSecWest conference they ran a contest with three machines, each running a different OS. Whoever managed to pwn one of them won money and the machine.

Well, now the contest is over and the results are these:

1- MacBook Air running OS X 10.5.2 - Charlie Miller - exploited a Safari bug
2- Fujitsu U810 running Vista Ultimate SP1 - Shane Macaulay (Security Objectives) -

Ubuntu stood strong in the contest and nobody managed to own it. The question is: did anyone actually go after the Ubuntu machine, or did everyone concentrate their efforts on the more widely deployed OSes?

Now everyone will start saying that Linux is stronger than the others, but I don't think that one contest like this can be used in the war of "Which OS is more secure?"

It is also interesting to see how quickly (48 hours) new vulnerabilities are found once money is put into the game.

Charlie in action:

More information here
Video of Charlie Miller after pwning OS X
