Comments for Bonsai - Information Security Blog

Comment on Cross Site Scripting Payloads by andres.riancho

andres.riancho — Sun, 18 Oct 2009 18:06:17 +0000

@Sébastien Duquette The feature has been in the trunk for some time now. You can find it in the GUI menu. Thanks!

Comment on Cross Site Scripting Payloads by Sébastien Duquette

Sébastien Duquette — Sun, 18 Oct 2009 01:02:14 +0000

Nice feature. I updated w3af on Windows but couldn’t find it. Do you have an idea when it will be added to trunk ?

Comment on moth – A VMware image with vulnerable web applications by System Advancements at the Monastery » Blog Archive » Learning By Doing: Hacker Challenges and Practice Sites

Sun, 23 Aug 2009 05:57:05 +0000

[...] Web Application Attack and Audit Framework (w3af) project has created a VMware image, called Moth, which is a set of vulnerable Web Applications and scripts. The w3af core and it’s plugins [...]

Comment on Not the average SQL Injection by Adam Baldwin

Adam Baldwin — Thu, 23 Jul 2009 04:17:59 +0000

I would have loved to have known this as well when I worked through a similar injection technique in March ‘09 when working with OpenCart. I learned that subqueries are your friend. Great information both of you.

Reference:
http://www.ngenuity.org/wordpress/2009/05/12/ngenuity-2009-005-opencart-re-visited-exploit-included/
http://www.ngenuity.org/wordpress/2009/03/10/ngenuity-2009-005-opencart-order-by-blind-sql-injection/

Comment on Not the average SQL Injection by andres.riancho

andres.riancho — Mon, 20 Jul 2009 14:32:05 +0000

@Bernardo I totally forgot about those slides! You're right, the slides 25 and 26 point this subject. I did all the testing to find a way to inject into ORDER BY without knowing about that previous research. I just hope my post helps somebody that finds it through Google while trying to do the same thing.

Comment on Not the average SQL Injection by Bernardo

Bernardo — Mon, 20 Jul 2009 14:05:11 +0000

I described this back in March ‘09, http://www.slideshare.net/inquis/sql-injection-not-only-and-11 ;)

Comment on Exploiting HTTP Content Negotiation by Bit more efficient brute forcing « DiabloHorn

Bit more efficient brute forcing « DiabloHorn — Thu, 16 Jul 2009 21:59:21 +0000

[...] http://www.bonsai-sec.com/blog/index.php/exploiting-http-content-negotiation/ [...]

Comment on CONFidence and OWASP CtF by admin

admin — Fri, 05 Jun 2009 13:19:43 +0000

@FluxFreddy Thanks, stay tunned because I'm going to be writing at least two more posts, with the CtF level details, code, etc. Also, Pavol from tripkaci is going to write about how they solved a couple of the hard levels.

Comment on CONFidence and OWASP CtF by FluxFreddy

FluxFreddy — Fri, 05 Jun 2009 08:44:16 +0000

Nice Writeup, Andrés! :)
And again, thanks for the CTF, we really enjoyed taking part.

Comment on moth – A VMware image with vulnerable web applications by KrisBelucci

KrisBelucci — Tue, 02 Jun 2009 19:27:14 +0000

Great post! Just wanted to let you know you have a new subscriber- me!