Showing posts with label Database Hacking.

sqlmap 0.9 Released – SQL Injection Tool

After a year of hardcore development, sqlmap 0.9 is out!
Introduction:
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, through data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Groupon Leaks Entire Indian User Database

The entire user database of Groupon’s Indian subsidiary Sosasta.com was accidentally published to the Internet and indexed by Google.
The database includes the e-mail addresses and clear-text passwords of the site’s 300,000 users. It was discovered by Australian security consultant Daniel Grzelak as he searched for publicly accessible databases containing e-mail

Lilupophilupop SQL Injection Tops 1 Million Infected Pages

A SQL attack uncovered by the ISC (Internet Storm Center) is spreading at an extremely fast rate: it has risen from just a few hundred pages to over 1 million in just a few weeks.
After spending the past few weeks going over submitted results and information from Internet users, they have put together some interesting data. For one, the attack seems to be targeting Windows-based servers, and the logs suggest the attackers had been probing around in the weeks before the sites were injected with a special string:

Fully Automated MySQL 5 Boolean Enumeration Script

This script uses blind SQL injection and boolean enumeration to map INFORMATION_SCHEMA.
Syntax:
perl mysql5enum.pl -h [hostname] -u [url] [-q [query]]
Example:

Hackers Threaten to Post Source Code for Symantec Product

Hackers have posted a file online that they claim is a confidential glimpse into Symantec’s Norton Antivirus program and have threatened to release source code for the security giant’s flagship antivirus product.

The hacker group, which calls itself the Lords of Dharmaraja, posted a file on Pastebin that it said described the confidential workings of Symantec’s Norton Antivirus threat-detection product.