Portcullis Labs - Sid http://labs.portcullis.co.uk Labs Portcullis updates. en Labs portcullis Tue, 22 Feb 2011 11:21:11 GMT http://backend.userland.com/rss 60 Labs Portcullis hhttp://labs.portcullis.co.uk/mg/logo.gif http://labs.portcullis.co.uk OWASP AU 2009 Slides | Content Thu, 19 Mar 2009 13:14:32 GMT http://labs.portcullis.co.uk/application/owasp-au-2009-slides/ <p>Slides from OWASP Australia 2009.</p><div style="width:425px;text-align:left" id="__ss_1140849"><a style="font:14px Helvetica,Arial,Sans-serif;display:block;margin:12px 0 3px 0;text-decoration:underline;" href="http://www.slideshare.net/sumsid1234/owasp-au-rev4?type=presentation" title="Owasp Au Rev4">Owasp Au Rev4</a><object style="margin:0px" width="425" height="355"><param name="movie" value="http://static.slideshare.net/swf/ssplayer2.swf?doc=owaspaurev4-090313060629-phpapp02&stripped_title=owasp-au-rev4" /><param name="allowFullScreen" value="true"/><param name="allowScriptAccess" value="always"/><embed src="http://static.slideshare.net/swf/ssplayer2.swf?doc=owaspaurev4-090313060629-phpapp02&stripped_title=owasp-au-rev4" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="355"></embed></object><div style="font-size:11px;font-family:tahoma,arial;height:26px;padding-top:2px;">View more <a style="text-decoration:underline;" href="http://www.slideshare.net/">presentations</a> from <a style="text-decoration:underline;" href="http://www.slideshare.net/sumsid1234">sumsid1234</a>.</div></div> BSQL brute forcer V2 | Content Wed, 18 Jun 2008 12:21:58 GMT http://labs.portcullis.co.uk/application/bsql-brute-forcer/ <p>This is a modified version of 'bsqlbfv1.2-th.pl'. This perl script allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line&nbsp; parameter and it works for both integer and string based injections. Databases supported:-<br /> <br /> <b>0. MS-SQL<br /> 1. MySQl<br /> 2. Postgres<br /> 3. Oracle</b><br /> <br /> The tool supports 2 attack modes(-type switch):-<br /> <br /> Type 0:- Blind SQL Injection based on true and false conditions returned by back-end server<br /> <br /> Type 1:- Blind SQL Injection based on true and error(e.g syntax error) returned by back-end server.<br /> <br /> Usage example:<br /> <b>$./bsqlbf-v2.pl -url http://192.168.1.1/injection_string_post/1.asp?p=1 -method post -match true -database 0 -sql &quot;select top 1 name from sysobjects where xtype='U'&quot;</b></p>