This is the Official podcast for HackTalk.net. In Episode 0×01 we will be discussing why the podcast was formed along with some Do’s and Don’ts of con, why security awareness programs suck, how to protect yourself against getting your DB posted to pastebin and ensuring your user’s credentials are safe even if they do get posted online, a really cool technique for persistence using WMIs and talk about some tips on secure password storage.
Today we have a really great post on Error Based MySQL injection by an all around great guy and one of @hacktalkblog’s twitter followers, Mr. Keith Makan. This tutorial gives a good dork on finding the vulnerabilities and even teaches you how to go from SQLi to XSS, LFI & RFI. The tutorial is after [...]
It seems that my recent disclosure of an XSS in a Harvard.edu subdomain has sparked someone to start looking into Harvard a bit more closely. I was recently contacted through IRC and given the following download link to a database dump of mazur.harvard.edu which, I assume, was found through SQLi. Download after the fold