Search:
Type: Posts; User: nebulus200; Keyword(s):
-
Interested in logs/info...based on what you are saying sounds to me like the malware that's been spreading around using mass sql injection attacks...does your web page (since it is hosted), have any...
-
Or one better, netstat -anob
You don't have to ask what has it open ;)
-
September 23rd, 2008 02:43 PM
There are a number of ways...two that come to mind are hidden form inputs and cookies...make sure you don't trust either :)
-
August 19th, 2008 02:30 PM
Usually that means something about the format of your password file isn't something it can read...otherwise it would come back and list the number of passwords and the type of hash, even if it didn't...
-
August 11th, 2008 03:44 PM
Just a little warning, we had a user register for that site and we literally started receiving thousands of spam email messages from them, spoofing as from that user to other users. It was severe...
-
August 7th, 2008 01:01 AM
Where's the conference highlights ? :(
Oh well...definitely making it next year...
-
Nikto looks at several things that are returned by the webserver. It probably was confused by a result and reported it. As with any scanning tool, it is wise to double check the results for false...
-
Congrats, got married there this year myself :) Ochos Rios...
-
Missing it for the first time in a while this year :(
-
LOL, sorry about that, guess he let his domain name go :), shame, it was a useful tool...
-
macdaddy?
http://www.opensourceforensics.org/tools/unix.html
Title: mac-daddy Author: Rob Lee
Description: MAC Time collector for forensic incident response. This toolset is a modified...
-
Love the new definition of full disclosure :D
-
March 31st, 2008 10:07 PM
Heh...pot, kettle, black? See my earlier answer to your post ;)
For actual exploit examples that prove/show what is being done is correct (ie, # of cols and types are what is important, not what...
-
March 31st, 2008 05:47 PM
What does:
'+UNION+SELECT+(1,2)+FROM+users--
''+UNION+SELECT+(1,2)+FROM+users--
return? Note: no numeric argument there and the second is two '
or
1+UNION+SELECT+1,2+FROM+users/*
or
-
March 31st, 2008 02:50 PM
My best guess would be something to the effect of :
?idProduct=1'+UNION+SELECT+(1,2)+FROM+users--
?idProduct=1"+UNION+SELECT+(1,2)+FROM+users--
Since it is choking on the union, my thought is...
-
March 31st, 2008 02:10 PM
Not necessarily, the only thing that matters is that the # of columns matches and that the type is correct...
If I had to guess I'd say there is possibly an issue with a quote somewhere...the...
-
March 26th, 2008 09:19 PM
Glad you were a little more specific about Core's findings and some of the more recent vulnerabilities...I was a little too vague when I mentioned detecting VM's and doing nasty things...
-
March 26th, 2008 07:49 PM
Just because nobody MAY be able to access you directly from the 'outside' does not mean, even by a long shot, that you are safe. A great number of the vulnerabilities out these days for windows /...
-
March 21st, 2008 05:29 PM
I've read through some of the discussions here and just wanted to add my random $0.02 in (these days not worth much, but that is another discussion)...
I miss the tutorials, I even wrote a few of...
-
January 3rd, 2008 02:52 PM
Ditto...IMHO you can't effectively learn the finer points of something until you understand the overall architecture of it...get the theory/terminology down pat and the other stuff IMO will come...
-
December 6th, 2007 07:15 PM
Don't allow posting to any forums without logging on and require image verification for each logon...went a long way towards removing the problem on our clan forums...both are natively supported in...
-
December 5th, 2007 02:44 PM
Are the UDP destination or source ports consistent? Assuming XP SP2 or Win2k3 and consistent ports, try netstat -nab, this will tell you all active connections/open/listening ports, and what...
-
December 3rd, 2007 03:50 PM
Definitely check out Peter Finnigan...
http://www.petefinnigan.com/
-
November 9th, 2007 12:11 AM
Couple of things, think you are trying to merge the actual list and the actual node together in one struct and I don't know if that will work quite right...especially if you start manipulating the...
-
October 12th, 2007 02:23 PM
Autopsy combined with memdump/dd/macdaddy (from Rob Lee @ SANS) is fairly lethal in my opinion...
At least on the free side...