FatCat Auto SQL Injector

January 10, 2012

FatCat is an automatic SQL injection tool. Use FatCat to test your web application and exploit it in more depth. Its features help you extract database, table, and column information from a web application, but only if the application is vulnerable to MySQL SQL injection.

FatCat has a user-friendly GUI; it automatically detects the SQL vulnerability and starts exploiting it.


1) Normal SQL Injection
2) Double Query SQL Injection

In the Next Version

1) WAF bypass
2) Cookie Header passing
3) Load File
4) Generating XSS from SQL


1) PHP Version 5.3.0
2) Enable file_get_function






We Provide Penetration Testing

Project 0day – PHP Source Code Testing Tool

August 9, 2011

“PHP Source Auditor”


This is a special-purpose tool for developers who write code in PHP. PSA scans deep into the source code files, detects the vulnerable lines of code, and reports the vulnerability information to the developer.

System Requirements:

  1. Latest .NET Framework
  2. A machine with Windows installed

PSA detects the following vulnerabilities:

  1. SQL Injection
  2. Remote File Inclusion
  3. Local File Inclusion
  4. Cross Site Scripting
  5. Cross Site Request Forgery
  6. Insecure Cookie Handling
  7. Remote Code Execution
  8. Remote Command Execution
  9. Authentication Bypass

Features:

  • Importing Multiple Files At a Time
  • User Friendly GUI
  • PHP Syntax Highlighting
  • Highlighting Vulnerable Code
  • Pop Up Box for Replacing Vulnerable Code
  • Advanced Code Reviewing Method

Old screenshot (beta version)

Download link: distribution closed

A new version will be released soon.




Yahoo Korea SQL XSS vulnerability

Author : Sandeep Kamble
Date : 21/03/2010
Domain : blogshop.yahoo.co.kr
Risk : High
Status : Fixed


Yahoo Korea has Blog-shop, which is one of the most famous subdomains in Korea.
There is a cross-site scripting (XSS) vulnerability affecting blogshop.yahoo.co.kr, which at the time of submission ranked 4 on the web according to Alexa.

Exploit Description:

There is SQL injection in the notice_read.html?key script. I was successful in retrieving Yahoo users' cookies through this SQL injection by inserting JavaScript into the SQL injection payload.

PoC (Proof of Concept):

3Cscript%3Ealert(‘XSS HERE’);</script>,7,8,9,0,1,2,3,4,5,6,7–%20

Yahoo Korea XSS

Special thanks to Gaurav Kumar (www.lexcodetechnologies.com)


Sandeep Kamble
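
The issue described in this post, SQL injection whose result is reflected into the page as script, rests on two separate mistakes: building the query from the request parameter and writing database values into HTML unencoded. The following is an added example, not code from the original post or from Yahoo; sqlite3 stands in for the MySQL backend, and the table, handler names and crafted input are constructed for illustration.

```python
import html
import re
import sqlite3

# Constructed sample data; table and column names are hypothetical.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notice (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO notice VALUES (1, 'Maintenance', 'Shop closed <Sunday>')")
    return db

NOT_FOUND = "<p>Notice not found</p>"

def render(row, escape):
    if row is None:
        return NOT_FOUND
    title, body = (html.escape(v) if escape else v for v in map(str, row))
    return f"<h1>{title}</h1><p>{body}</p>"

def notice_read_vulnerable(db, key):
    # Mistake 1: the request parameter is concatenated into the SQL text.
    # Mistake 2: column values are written into the page without encoding.
    sql = "SELECT title, body FROM notice WHERE id = " + key
    return render(db.execute(sql).fetchone(), escape=False)

def notice_read_hardened(db, key):
    # Validate the expected type, bind the value as a parameter, and
    # HTML-encode everything that came out of the database.
    if not re.fullmatch(r"[0-9]+", key):
        return NOT_FOUND
    sql = "SELECT title, body FROM notice WHERE id = ?"
    return render(db.execute(sql, (int(key),)).fetchone(), escape=True)

# Constructed input of the same shape as the PoC: a UNION row carrying markup.
CRAFTED_KEY = "0 UNION SELECT '<script>alert(1)</script>', 'x'"

if __name__ == "__main__":
    db = make_db()
    for handler in (notice_read_vulnerable, notice_read_hardened):
        print(handler.__name__, "crafted ->", handler(db, CRAFTED_KEY))
        print(handler.__name__, "key=1   ->", handler(db, "1"))
```

Either fix alone leaves a gap: parameter binding does not encode markup already stored in the table, and output encoding does not stop data extraction through the query.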
