The developers have since released a patch for the plugin (version 4.6.1) (see https://wordpress.org/plugins/newsletter/changelog/ for more information).
There seems to be limited information on pentesting Firebird databases on the Internet.
Firebird database server listens on TCP port 3050.
One good resource I found is http://blog.opensecurityresearch.com/2012/07/fun-with-firebird-database-default.html.
It seems like most people do not change the default SYSDBA credentials for their Firebird database. Below are the default credentials.
I have encountered before that the access card database system was using Firebird database for its backend.
This python script requires pyfirebirdsql library from https://github.com/nakagami/pyfirebirdsql.
Firebird requires you to supply the database name on the server you are trying to.
One way to get around it is to check for active connections on the Firebird database server.
What this tools does is to
1. Connect to the Firebird database server using the default credentials
2. List the connected databases
3. Dump the records from the Firebird database server
You can also use the -wordlist argument to supply it a wordlist of database names so that it can attempt to brute-force. That is useful if there aren’t any active connections (or databases not mounted) on the Firebird database that you are trying to access.
The common-tables.txt file from sqlmap is useful if you need a wordlist.
The tool can be downloaded from the below Github repo.
I wrote a script to tests and sorts proxy servers (socks4, socks5, http, https).
There are readily available scripts out there on the Internet that does the same. I just want to write my own.
Sometimes, during a web application test, your IP address might get flagged and blocked by the target’s WAF.
Proxy servers might just be useful in this type of situation. However, regard all proxy servers as malicious and unsafe. You do not want to send sensitive data like credentials over the proxy servers.
If you are doing anything malicious, do not access the proxy servers directly as the ISP might be able to pinpoint the end point of the attack easily.
Below is a screenshot of the help menu for the proxyTester.py script.
Below is an example of the command to run
python proxyTester.py -i proxies.txt -o profile1 -n 100 -time -t https -sort
The script accepts a text file containing proxy servers in the below format
The input file can contain a mixture of Socks4, Socks5, HTTPs, HTTP proxies.
In the below example, the script reads the list of proxies from the file using the -in argument, tests and sorts the proxies using 80 concurrent threads into categories (Socks4, Socks5, HTTPs) and outputs a Proxifier profile PPX file (which you can import into Proxifier if you are using this).
You can use the -time argument in the script to test the latency of the connection.
It might be useful as you might want to avoid using a proxy that has a high latency.
Your computer -> Proxy server -> Website
You can download the script from the below Github repo.