Archive for August 23rd, 2007

SQL Injection Toy

No, this title is not about the United Nations web site.

Their hole is still gaping, by the way, no matter what the U.N. staffers have said so far.
As you may recall, I did offer a little free help to fix their bugs (13 AUG), but I've not been contacted back, notwithstanding some public flattery.
At any rate, since the 5-day "grace time" granted them under the RFPolicy has more than expired (10 days now), you may want to stay tuned for a report about their vulnerabilities -- and, more interestingly, about the worrying ways they pretend (or, worse, believe?) to have fixed them -- as soon as I find a few minutes for this.

In the meantime, the real reason behind this post: I'm releasing a free web-based tool to help those experimenting with and studying SQL injections, called SQL Injection Toy (or just SQL IT).

Even if simple, it exhibits some interesting properties:
