Dan Kaminsky's new tool against SQL injection

Hi malware fighters,
It gives coders and IT security staff a tool that helps prevent them from inadvertently leaving string injection flaws in their code, and it can also be used for testing, as I will demonstrate below…

Can be found here: http://recursion.com/interpolique.html
Start testing: http://recursion.com/interpolique_xss.html
Example output of a test with this input: http://searchlores.org
Intermediate: Base64.decode(“aHR0cDovL3NlYXJjaGxvcmVzLm9yZw==”);
Final (Parsed as Text): http://searchlores.org
Final (Parsed as Safe HTML): http://searchlores.org

Consider: http://www.searchlores.org/droptableifexists.txt
So testing: http://www.google.com/search?as_q=vbulletin.sql&num=10&hl=en&btnG=Google+Search&as_epq=&as_oq=&as_eq=&lr=&as_ft=i&as_filetype=&as_qdr=all&as_nlo=&as_nhi=&as_occt=url&as_dt=i&as_sitesearch=
Output:
Intermediate: Base64.decode(“aHR0cDovL3d3dy5nb29nbGUuY29tL3NlYXJjaD9hc19xPXZidWxsZXRpbi5zcWwmbnVtPTEwJmhsPWVuJmJ0bkc9R29vZ2xlK1NlYXJjaCZhc19lcHE9JmFzX29xPSZhc19lcT0mbHI9JmFzX2Z0PWkmYXNfZmlsZXR5cGU9JmFzX3Fkcj1hbGwmYXNfbmxvPSZhc19uaGk9JmFzX29jY3Q9dXJsJmFzX2R0PWkmYXNfc2l0ZXNlYXJjaD0K”);
Final (Parsed as Text): http://www.google.com/search?as_q=vbulletin.sql&num=10&hl=en&btnG=Google+Search&as_epq=&as_oq=&as_eq=&lr=&as_ft=i&as_filetype=&as_qdr=all&as_nlo=&as_nhi=&as_occt=url&as_dt=i&as_sitesearch=
Final (Parsed as Safe HTML): http://www.google.com/search?as_q=vbulletin.sql&num=10&hl=en&btnG=Google+Search&as_epq=&as_oq=&as_eq=&lr=&as_ft=i&as_filetype=&as_qdr=all&as_nlo=&as_nhi=&as_occt=url&as_dt=i&as_sitesearch=

An example with SQL exploit:
Output:
Intermediate: Base64.decode(“aHR0cDovL3d3dy5waHBudWtlLm9yZy91c2VyLnBocD9vcD11c2VyaW5mbyZ1bmFtZT08c2NyaXB0PmFsZXJ0KGRvY3VtZW50LmNvbwpraWUpOzwvc2NyaXB0Pgo=”);
Final (Parsed as Text): http://www.phpnuke.org/user.php?op=userinfo&uname=
Final (Parsed as Safe HTML): http://www.phpnuke.org/user.php?op=userinfo&uname=kie);alert(document.coo

=== Triggered rule ===
alert(url_content:“%3CSCRIPT”; nocase; msg:“ tags GET request cross site scripting attempt”; url_re:“/%3Cscript.*%3E/i”; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)

=== Request URL ===
http://www.phpnuke.org/user.php?op=user … ent.cookie);%3C/script%3E
"Life is too short to defend broken code,

So get your toolkit in order
Testing can be automated, but we’re not covering that here. Must-have tools for focused manual testing include:

* Paros proxy (http://www.parosproxy.org) for intercepting HTTP traffic
* Fiddler (http://www.fiddlertool.com/fiddler) for intercepting HTTP traffic
* Burp proxy (http://www.portswigger.net/proxy/)
* TamperIE (http://www.bayden.com/dl/TamperIESetup.exe) for modifying GETs and POSTs

polonus
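
The "Intermediate" lines in the output above show the input being carried as a Base64 literal and decoded only at the point of use. An added sketch of that idea in JavaScript for Node.js (not Interpolique's own code and not part of the original post; the function names and the sample string with its host are constructed for illustration):

```javascript
'use strict';
// Added illustration of the Base64-literal idea; not Interpolique's source.

// Weak form: untrusted text is pasted straight into a string literal, so a
// double quote in the input ends the literal early.
function naiveInterpolate(untrusted) {
  return `show("${untrusted}")`;
}

// Base64 output uses only A-Z a-z 0-9 + / =, none of which can close a
// quoted literal or open a tag, whatever the input contained.
function toIntermediate(untrusted) {
  const b64 = Buffer.from(String(untrusted), 'utf8').toString('base64');
  return `Base64.decode("${b64}")`;
}

// Receiving side: accept only the exact intermediate shape, then decode.
function fromIntermediate(expr) {
  const m = /^Base64\.decode\("([A-Za-z0-9+\/]*={0,2})"\)$/.exec(expr);
  if (!m || m[1].length % 4 !== 0) {
    throw new Error('not a well-formed intermediate');
  }
  return Buffer.from(m[1], 'base64').toString('utf8');
}

// "Parsed as Text": the decoded value is data, so escape it for HTML output.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function asHtmlText(decoded) {
  return decoded.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Constructed sample input (hypothetical host and parameter).
const SAMPLE = 'http://example.test/user.php?uname="><script>alert(1)</script>';

function demo() {
  const intermediate = toIntermediate(SAMPLE);
  return {
    naive: naiveInterpolate(SAMPLE),
    intermediate,
    text: asHtmlText(fromIntermediate(intermediate)),
  };
}

console.log(demo());
```

The decoder rejects anything that is not exactly one Base64 literal, so text appended after the closing quote is treated as an error instead of being evaluated.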