last data update: 2011/10/21, 13:35
Website loading time
during the test: 0.93 s
cable connection (average): 1.2 s
DSL connection (average): 1.47 s
modem (average): 15.67 s
HTTP headers
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 21 Oct 2011 20:35:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Vary: Cookie
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-Pingback: http://websec.wordpress.com/xmlrpc.php
Link:
Last-Modified: Fri, 21 Oct 2011 20:35:44 +0000
Cache-Control: max-age=300, must-revalidate
X-nananana: Batcache
Information about DNS servers
websec.wordpress.com | CNAME | lb.wordpress.com | IN | 14400 |
Received from the first DNS server
Received from the second DNS server
Subdomains (the first 50)
Typos (misspellings)
Location
IP: 74.200.243.251, 74.200.244.59, 76.74.254.120, 76.74.254.123, 72.233.2.58, 72.233.69.6
continent: NA, country: United States (USA), city: Plano
Website value
rank in the traffic statistics:
There is not enough data to estimate website value.
Basic information
website built using CSS
code weight: 103.15 KB
text-to-code ratio: 54 %
title: Reiners’ Weblog
description:
keywords:
encoding: UTF-8
language: en
Website code analysis
one-word phrases repeated at least three times
two-word phrases repeated at least three times
three-word phrases repeated at least three times
B tags
automatically detected
language file
a
1
s
9
15
398720351149
Update:
U tags
I tags
If you don’t know what blind
extractvalue
Accept-Language
Accept-Language: es
language file
Accept-Language: foobar
Accept-Language: index.php
Accept-Language: ../index.php
?id=17
worker/funcs.php
messages/
a:1
{
s:9:”secretkey”
s:15:”p1r4t3s.k1lly0u”
}
worker/mysql.php
sql_db
__wakeup()
__destruct()
sql_close()
logs
sql_db()
createLog()
log_table
users
printGold()
images
file name | alternative text |
---|---|
icon_wink.gif?m=1304368616g | ;) |
speech_bubble.gif?m=1304368632g | |
documents.gif?m=1304368632g | :) |
permalink.gif?m=1304368632g | RIPS file graph |
figure_ver1.gif?m=1304368632g | RIPS function graph |
aalabs.jpg?w=200&h=110 | RIPS stats |
aalabs_report.jpg?w=200&h=110 | |
icon_smile.gif?m=1304368616g | |
files.jpg?w=450 | |
functions.jpg?w=450 | |
stats.jpg?w=450 | |
pigs.jpg?w=300&h=178 | |
rips1.jpg?w=400&h=238 | |
group_concat1.jpg?w=450 | |
p-18-mFEk4J448M.gif?labels=%2Clanguage.en%2Ctype.wpcom | |
p?cj=1c1=2&c2=7518284 | |
b.gif?v=noscript | |
headers
H1
Reiners’ Weblog
H2
hack.lu CTF 2011 challenge writeup – Secret Space Code
hack.lu CTF 2011 challenge writeup – AALabs (Part 1)
Project RIPS – Status
Blind SQLi techniques
SQLi filter evasion cheat sheet (MySQL)
Basic filter
Function filter
Keyword filter
hack.lu CTF challenge 21 writeup – PIGS
Blind SQL injection with load_file()
RIPS – A static source code analyser for vulnerabilities in PHP scripts
Exploiting hard filtered SQL Injections 3
Exploiting hard filtered SQL Injections 2 (conditional errors)
Archives
Categories
active
blogs
Meta
H3
hack.lu CTF 2011 challenge writeup – Secret Space Code
hack.lu CTF 2011 challenge writeup – AALabs (Part 1)
Project RIPS – Status
Blind SQLi techniques
SQLi filter evasion cheat sheet (MySQL)
Basic filter
Function filter
Keyword filter
hack.lu CTF challenge 21 writeup – PIGS
Blind SQL injection with load_file()
RIPS – A static source code analyser for vulnerabilities in PHP scripts
Exploiting hard filtered SQL Injections 3
Exploiting hard filtered SQL Injections 2 (conditional errors)
Archives
Categories
active
blogs
Meta
H4
H5
H6
internal links
address | anchor text |
---|---|
http://websec.wordpress.com/ | Reiners’ Weblog |
http://websec.wordpress.com/ | Home |
http://websec.wordpress.com/talks/ | Talks |
http://websec.wordpress.com/papers/ | Papers |
http://websec.wordpress.com/tools/ | Tools |
http://websec.wordpress.com/about/ | About |
http://websec.wordpress.com/2011/09/27/hack-lu-ctf-2011-challenge-writeup-%e2%80%93-secret-space-code/ | hack.lu CTF 2011 challenge writeup – Secret Space |
http://websec.wordpress.com/2011/09/27/hack-lu-ctf-2011-challenge-writeup-%e2%80%93-secret-space-code/#comments | 1 Comment |
http://websec.wordpress.com/category/ctf/ | CTF |
http://websec.wordpress.com/category/web-security/ | Web Security |
http://websec.wordpress.com/category/xss/ | XSS |
http://websec.wordpress.com/2011/09/27/hack-lu-ctf-2011-challenge-writeup-%e2%80%93-secret-space-code/ | Permalink |
http://websec.wordpress.com/2011/09/26/hack-lu-ctf-2011-challenge-writeup-%e2%80%93-aalabs-part-1/ | hack.lu CTF 2011 challenge writeup – AALabs (Part |
http://websec.wordpress.com/2010/10/30/hack-lu-ctf-challenge-21-writeup-pigs/ | last years |
http://websec.wordpress.com/2011/09/26/hack-lu-ctf-2011-challenge-writeup-%e2%80%93-aalabs-part-1/#respond | Leave a Comment |
http://websec.wordpress.com/category/ctf/ | CTF |
http://websec.wordpress.com/category/php/ | PHP |
http://websec.wordpress.com/category/web-security/ | Web Security |
http://websec.wordpress.com/2011/09/26/hack-lu-ctf-2011-challenge-writeup-%e2%80%93-aalabs-part-1/ | Permalink |
http://websec.wordpress.com/2011/06/04/project-rips-status/ | Project RIPS – |
http://websec.wordpress.com/tools/ | RIPS |
http://websec.wordpress.com/2011/06/04/project-rips-status/#comments | 12 Comments |
http://websec.wordpress.com/category/php/ | PHP |
http://websec.wordpress.com/category/projects/ | Projects |
http://websec.wordpress.com/category/web-security/ | Web Security |
http://websec.wordpress.com/tag/php-analyser/ | PHP Analyser |
http://websec.wordpress.com/tag/php-scanner/ | PHP Scanner |
http://websec.wordpress.com/tag/rips/ | RIPS |
http://websec.wordpress.com/tag/static-analysis/ | static analysis |
http://websec.wordpress.com/2011/06/04/project-rips-status/ | Permalink |
http://websec.wordpress.com/2011/04/06/blind-sqli-techniques/ | Blind SQLi |
http://websec.wordpress.com/2010/05/07/exploiting-hard-filtered-sql-injections-2-conditional-errors/ | here |
http://websec.wordpress.com/2011/04/06/blind-sqli-techniques/#comments | 11 Comments |
http://websec.wordpress.com/category/sqli/ | SQLi |
http://websec.wordpress.com/category/web-security/ | Web Security |
http://websec.wordpress.com/2011/04/06/blind-sqli-techniques/ | Permalink |
http://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/ | SQLi filter evasion cheat sheet |
http://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/#comments | 29 Comments |
http://websec.wordpress.com/category/sqli/ | SQLi |
http://websec.wordpress.com/category/web-security/ | Web Security |
http://websec.wordpress.com/tag/sql-filter-bypass/ | SQL filter bypass |
http://websec.wordpress.com/tag/sql-filter-evasion/ | SQL filter evasion |
http://websec.wordpress.com/tag/sql-obfuscation/ | SQL obfuscation |
http://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/ | Permalink |
http://websec.wordpress.com/2010/10/30/hack-lu-ctf-challenge-21-writeup-pigs/ | hack.lu CTF challenge 21 writeup – |
http://websec.wordpress.com/2010/10/30/hack-lu-ctf-challenge-21-writeup-pigs/#comments | 1 Comment |
http://websec.wordpress.com/category/ctf/ | CTF |
http://websec.wordpress.com/category/php/ | PHP |
http://websec.wordpress.com/category/sqli/ | SQLi |
http://websec.wordpress.com/category/web-security/ | Web Security |
http://websec.wordpress.com/2010/10/30/hack-lu-ctf-challenge-21-writeup-pigs/ | Permalink |
http://websec.wordpress.com/2010/10/01/blind-sql-injection-with-load_file/ | Blind SQL injection with |
http://websec.wordpress.com/2010/10/01/blind-sql-injection-with-load_file/#comments | 5 Comments |
http://websec.wordpress.com/category/sqli/ | SQLi |
http://websec.wordpress.com/category/web-security/ | Web Security |
http://websec.wordpress.com/2010/10/01/blind-sql-injection-with-load_file/ | Permalink |
http://websec.wordpress.com/2010/06/11/rips-a-static-source-code-analyser-for-vulnerabilities-in-php-scripts/ | RIPS – A static source code analyser for vulnerabilities in PHP |
http://websec.wordpress.com/projects/ | PHP Scanner |
http://websec.wordpress.com/2010/06/11/rips-a-static-source-code-analyser-for-vulnerabilities-in-php-scripts/#comments | 23 Comments |
http://websec.wordpress.com/category/php/ | PHP |
http://websec.wordpress.com/category/projects/ | Projects |
http://websec.wordpress.com/category/web-security/ | Web Security |
http://websec.wordpress.com/tag/php-analyser/ | PHP Analyser |
http://websec.wordpress.com/tag/php-scanner/ | PHP Scanner |
http://websec.wordpress.com/tag/rips/ | RIPS |
http://websec.wordpress.com/2010/06/11/rips-a-static-source-code-analyser-for-vulnerabilities-in-php-scripts/ | Permalink |
http://websec.wordpress.com/2010/05/26/exploiting-hard-filtered-sql-injections-3/ | Exploiting hard filtered SQL Injections |
http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/ | Exploiting hard filtered SQL Injections |
http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/ | here |
http://websec.wordpress.com/2007/11/11/mysql-syntax/ | whitespace |
http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/ | first part |
http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/ | Part 1 |
http://websec.wordpress.com/2010/05/07/exploiting-hard-filtered-sql-injections-2-conditional-errors/ | Part2 |
http://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/ | SQLi filter evasion cheatsheet |
http://websec.wordpress.com/2010/05/26/exploiting-hard-filtered-sql-injections-3/#comments | 15 Comments |
http://websec.wordpress.com/category/sqli/ | SQLi |
http://websec.wordpress.com/category/web-security/ | Web Security |
http://websec.wordpress.com/tag/sql-filter-bypass/ | SQL filter bypass |
http://websec.wordpress.com/tag/sql-filter-evasion/ | SQL filter evasion |
http://websec.wordpress.com/tag/sql-obfuscation/ | SQL obfuscation |
http://websec.wordpress.com/2010/05/26/exploiting-hard-filtered-sql-injections-3/ | Permalink |
http://websec.wordpress.com/2010/05/07/exploiting-hard-filtered-sql-injections-2-conditional-errors/ | Exploiting hard filtered SQL Injections 2 (conditional |
http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/ | Exploiting hard filtered SQL Injections |
http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/ | exploiting hard filtered SQL Injections |
http://websec.wordpress.com/2008/09/09/mysql-authentication-bypass/ | comparison of three operands |
http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/ | Part 1 |
http://websec.wordpress.com/2010/05/26/exploiting-hard-filtered-sql-injections-3/ | Part 3 |
http://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/ | SQLi filter evasion cheatsheet |
http://websec.wordpress.com/2010/05/07/exploiting-hard-filtered-sql-injections-2-conditional-errors/#comments | 6 Comments |
http://websec.wordpress.com/category/sqli/ | SQLi |
http://websec.wordpress.com/category/web-security/ | Web Security |
http://websec.wordpress.com/tag/sql-filter-bypass/ | SQL filter bypass |
http://websec.wordpress.com/tag/sql-filter-evasion/ | SQL filter evasion |
http://websec.wordpress.com/tag/sql-obfuscation/ | SQL obfuscation |
http://websec.wordpress.com/2010/05/07/exploiting-hard-filtered-sql-injections-2-conditional-errors/ | Permalink |
http://websec.wordpress.com/page/2/ | |
http://websec.wordpress.com/2011/09/ | September 2011 |
http://websec.wordpress.com/2011/06/ | June 2011 |
http://websec.wordpress.com/2011/04/ | April 2011 |
http://websec.wordpress.com/2010/12/ | December 2010 |
http://websec.wordpress.com/2010/10/ | October 2010 |
http://websec.wordpress.com/2010/06/ | June 2010 |
http://websec.wordpress.com/2010/05/ | May 2010 |
http://websec.wordpress.com/2010/03/ | March 2010 |
http://websec.wordpress.com/2010/02/ | February 2010 |
http://websec.wordpress.com/2009/11/ | November 2009 |
http://websec.wordpress.com/2009/01/ | January 2009 |
http://websec.wordpress.com/2008/12/ | December 2008 |
http://websec.wordpress.com/2008/10/ | October 2008 |
http://websec.wordpress.com/2008/09/ | September 2008 |
http://websec.wordpress.com/2008/05/ | May 2008 |
http://websec.wordpress.com/2007/11/ | November 2007 |
http://websec.wordpress.com/category/ctf/ | CTF |
http://websec.wordpress.com/category/other/ | Other |
http://websec.wordpress.com/category/php/ | PHP |
http://websec.wordpress.com/category/projects/ | Projects |
http://websec.wordpress.com/category/sqli/ | SQLi |
http://websec.wordpress.com/category/web-security/ | Web Security |
http://websec.wordpress.com/category/xss/ | XSS |
http://websec.wordpress.com/wp-login.php?action=register | Register |
http://websec.wordpress.com/wp-login.php | Log in |
javascript:void(0) | Follow |
external links
address | anchor text |
---|---|
http://2011.hack.lu/index.php/CaptureTheFlag | hack.lu 2011 conference CTF |
http://twitter.com/fluxfingers | we |
http://hacklu.fluxfingers.net/ | organized |
http://support.microsoft.com/kb/2416400 | patched |
http://scarybeastsecurity.blogspot.com/2010/09/ie8-css-based-forced-tweeting.html | scarybeast |
http://scarybeastsecurity.blogspot.com/2010/09/ie8-css-based-forced-tweeting.html | blogpost |
http://websec.sv.cmu.edu/css/css.pdf | this paper |
https://twitter.com/0x6D6172696F | .mario |
http://hacklu.fluxfingers.net/ | last year |
http://twitter.com/fluxfingers | FluxFingers |
http://2011.hack.lu/index.php/CaptureTheFlag | hack.lu conference CTF |
https://ctf.hack.lu/ | participants |
http://websec.files.wordpress.com/2011/09/aalabs.jpg | |
http://websec.files.wordpress.com/2011/09/aalabs_report.jpg | |
http://sourceforge.net/projects/rips-scanner/files/ | here |
http://websec.files.wordpress.com/2011/06/files.jpg | RIPS file graph |
http://websec.files.wordpress.com/2011/06/functions.jpg | RIPS function graph |
http://websec.files.wordpress.com/2011/06/stats.jpg | RIPS stats |
https://media.blackhat.com/bh-us-10/presentations/Esser/BlackHat-USA-2010-Esser-Utilizing-Code-Reuse-Or-Return-Oriented-Programming-In-PHP-Application-Exploits-slides.pdf | here |
http://sourceforge.net/projects/rips-scanner/files/CHANGELOG/view | changelog |
https://sourceforge.net/projects/rips-scanner/ | sourceforge |
http://www.exploit-db.com/papers/13696/ | this article |
http://h.ackack.net/faster-blind-mysql-injection-using-bit-shifting.html | extracting data with bit shifting |
http://websec.ca/blog/view/optimized_blind_sql_injection_data_retrieval | extracting data with find_in_set |
http://bit.ly/fRdjEh | extracting data with find_in_set and regexp |
http://qwazar.ru/?p=7 | extracting data through mysql errors |
https://rdot.org/forum/showpost.php?p=15425&postcount=20 | extracting data through mysql errors |
http://www.glitcheaven.com/showthread.php?t=4136 | here |
http://phpids.org/ | PHPIDS |
http://websec.files.wordpress.com/2010/11/sqli2.pdf | here |
http://www.fluxfingers.net/ | we |
http://2010.hack.lu/index.php/Main_Page | hack.lu |
http://hacklu.fluxfingers.net/ | http://hacklu.fluxfingers.net/ |
http://websec.files.wordpress.com/2010/10/pigs.jpg | |
https://addons.mozilla.org/firefox/addon/3829/ | Live HTTP Headers |
http://php.net/__wakeup | __wakeup() |
http://php.net/__destruct | __destruct() |
http://www.suspekt.org/2009/12/09/advisory-032009-piwik-cookie-unserialize-vulnerability/ | piwik exploit |
http://hackit.sh4ka.fr/writeup-pigs-hacklu-sh4ka.pdf | here |
http://wiki.apache.org/httpd/DistrosDefaultLayout | official list |
http://www.php-security.org | Month Of PHP Security |
http://sourceforge.net/projects/rips-scanner/ | SourceForge |
http://websec.files.wordpress.com/2007/11/rips1.jpg | |
http://www.php-security.org/2010/05/24/mops-submission-09-rips-a-static-source-code-analyser-for-vulnerabilities-in-php-scripts/index.html | HTML |
http://sourceforge.net/projects/rips-scanner/files/rips.pdf/download | |
http://sourceforge.net/projects/rips-scanner/files/ | [download RIPS] |
http://www.campus-party.eu/NetworkSecurity.html | Campus Party |
http://www.securitybydefault.com/ | SecurityByDefault |
http://websec.files.wordpress.com/2010/05/group_concat1.jpg | |
http://www.securitybydefault.com/ | SecurityByDefault |
http://dev.mysql.com/doc/refman/5.1/en/regexp.html#operator_regexp | REGEXP |
http://www.fluxfingers.net | FluxFingers |
http://sla.ckers.org/forum/ | sla.ckers |
http://twitter.com/FluxReiners | |
http://bernardodamele.blogspot.com/ | Bernardo Damele |
http://christ1an.blogspot.com/ | christ1an |
http://d0mber.blogspot.com | d0mber |
http://www.das-labor.org/blog/ | Das Labor |
http://www.thespanner.co.uk/ | Gareth Heyes |
http://devels-playground.blogspot.com/ | Gnarf |
http://www.gnucitizen.org/ | gnucitizen |
http://hackademix.net/ | hackademix |
http://hackathology.blogspot.com/ | hackathology |
http://wasjournal.blogspot.com/ | Kishor |
http://kuza55.blogspot.com/ | kuza55 |
http://pentestmonkey.net/blog/ | pentestmonkey |
http://phpids.org/ | PHPIDS |
http://ha.ckers.org/ | RSnake |
http://sirdarckcat.blogspot.com/ | sirdarckcat |
http://p42.us/ | thornmaker |
http://theme.wordpress.com/themes/contempt/ | Contempt |
http://www.vault9.net | Vault9 |
http://wordpress.com/?ref=footer | Blog at WordPress.com |
http://wordpress.com | Powered by WordPress.com |