Research, demonstrations, and popcorn


After doing some research into MongoDB for the company I currently work for, I started looking around at some servers online.  What I found was amazing.  Database servers almost never need to be exposed on the perimeter of a network, but there are thousands upon thousands out there exposed.  I have seen excuses ranging from “We have our…

Continue Reading

Vulnerability Found: Russian District of Tambov Government Site

The Russian District of Tambov’s government run website is vulnerable to a PostgreSQL injection.  The site is not fixed as I have tried sending several notices to the site owners, but every email I have sent bounced back and every “Contact Us” form I have submitted timed out without sending. As per usual, the actual…

Continue Reading

Vulnerability Found: Alienware Arena

This vulnerability post originated from my old site and last updated on June 5th, 2013.  I have done some slight updates now that I am moving it over to my new site. Let me start this post with a note: I like and appreciate Alienware’s solid products. I have owned a couple Alienware laptops for years.  They have survived falling off a…

Continue Reading

Vulnerability Found: Smith & Wesson

This is an older vulnerability I am posting for the sake of getting all my old content moved over to the new site. While browsing Gun Broker, I noticed several Smith and Wesson ads embedded in the page. After looking at the URL, I noticed the it looked like a normal PHP URL with GET…

Continue Reading

Blind SQL Injections

This PDF is a paper I wrote in 2012 demonstrating different blind SQL injection methods on different database platforms.  The information for Oracle is theoretical, due to my limitations at the time of platforms available for testing.  If I have the time, I will try to verify the Oracle method soon. The document covers blind…

Continue Reading