Archive for October, 2008|Monthly archive page
wrap-up and bad development
Well, I haven’t quite posted for a while (and I will not apologize, any other blogger does that) due to work and other projects…
No news to anybody, it’s been more than a year since I started Website Anatomy. Don’t get grumpy on the issue, because it will certainly be reopened soon… I hope…
A new version of Skavenger is on its way… no, it won’t stink (as much) as the first release, because the first release was “set up” as a reminder, so I won’t forget to develop it… the same applies to the miniPHPBindShell… that’s the reason why the code sucks…
Ah, yes, before I forget. About bad development.
Today I found the most interesting (dumb) SQL injection vulnerability. Imagine that I bypassed the authentication script (nothing fancy, the classical way) and was logged in under a certain username. The next thing I noticed is that after a refresh/page change I got another username, which brings me to the idea that the username is stored in a variable and a query is performed with it (the ' or 1=1#) on every page request… I won’t point the finger because we recently got a collaboration project with them… wait till I show them the funny vulnerability… it will surely bring some laughs…
P.S. In a couple of weeks I’m finalizing another project; it’s kind of a secret. But be sure it will be something many will find useful, at least I hope…
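The pattern described above (a login bypass whose submitted string is kept and put into a query again on each page request), as an added example that is not the author's or the affected site's code. Table, column and function names are assumptions, the data is constructed, and SQLite's `--` comment stands in for the MySQL-style `#` in the post; the parameterized versions show the fix.

```python
import sqlite3

def make_db():
    # Constructed sample data; plaintext passwords only to keep the sample short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw TEXT)")
    db.executemany("INSERT INTO users (username, pw) VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret"), ("carol", "c-secret")])
    return db

# SQLite has no '#' comment, so '--' replaces it in the post's payload.
PAYLOAD = "' OR 1=1 --"

def login_vulnerable(db, session, username, password):
    # String-built query: the injected comment removes the password check.
    sql = f"SELECT username FROM users WHERE username = '{username}' AND pw = '{password}'"
    if db.execute(sql).fetchone():
        session["user"] = username  # keeps the submitted string, not the matched row
        return True
    return False

def page_users_vulnerable(db, session):
    # Runs on every page request: the stored string is injected a second time,
    # so the "current user" is whichever row the database happens to return.
    sql = f"SELECT username FROM users WHERE username = '{session['user']}'"
    return [row[0] for row in db.execute(sql)]

def login_fixed(db, session, username, password):
    # Bound parameters: the input is compared as data, never parsed as SQL.
    row = db.execute("SELECT id FROM users WHERE username = ? AND pw = ?",
                     (username, password)).fetchone()
    if row:
        session["uid"] = row[0]  # keep the server-side id of the matched row
        return True
    return False

def page_users_fixed(db, session):
    # Per-request lookup by the stored id, again with a bound parameter.
    return [row[0] for row in
            db.execute("SELECT username FROM users WHERE id = ?", (session["uid"],))]
```

A per-request identity lookup that can match more than one row is itself a useful signal to log and alert on.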