Security Bookmarklets

I took a couple of days from my school vacation to write 3 bookmarklets that will help me when auditing web sites. I’d like to share them here because I know that they’ll help some of my friends, and probably one of the two readers of this blog.

Text2SQLChar: Converts a string into a MySQL CHAR() expression, useful when magic_quotes is on.
SQLIncrement: Automatically increments the number of columns of the injected select query.
SQLDecrement: Automatically decrements the number of columns of the injected select query.
Increment: Allows you to navigate up HTML files or images that have a number in them.
Decrement: Allows you to navigate down HTML files or images that have a number in them.
base64: Firefox only; base64 with no padding.

I wrote the first 3 of them. I’m not a JavaScript god, so they need to be improved; I’ll try to make them shorter and follow a couple of suggestions from bookmarklets.com. The two others come from RSnake’s bookmarklet collection, where I fixed a detail: it was not decoding the URL before using it, so if the URL contained an escaped value at the end, like %20, it would modify it and change it to %21. I’ll keep this post updated whenever I find or write a new security-related bookmarklet. As another issue, I noticed that the site looks ugly on low-resolution systems, so I’ll try to get a new theme to fix that in a couple of days and update the WordPress version.
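The %20 to %21 problem described above, reproduced next to an escape-aware version. This is an added example, not the bookmarklets' own code: it assumes the bookmarklet steps the last run of digits in the URL, and instead of decoding and re-encoding it copies %XX escapes through untouched. Function names and URLs are constructed.

```javascript
// Added example; names and URLs are constructed, not taken from the bookmarklets.

// Step the last run of digits in `text` by `delta`, keeping zero padding
// (009 -> 010) and clamping at zero so a decrement never produces "-1".
function stepLastNumber(text, delta) {
  const m = /(\d+)(?!.*\d)/.exec(text);
  if (!m) return text; // no number to step
  const next = Math.max(0, parseInt(m[1], 10) + delta);
  return text.slice(0, m.index) +
    String(next).padStart(m[1].length, "0") +
    text.slice(m.index + m[1].length);
}

// Buggy behaviour: works on the raw URL, so the hex digits of an escape
// such as %20 are treated as the number to step.
function stepNaive(url, delta) {
  return stepLastNumber(url, delta);
}

// Escape-aware: split into literal text and %XX escapes, then step the last
// literal piece that contains a number. Escapes are copied through unchanged.
function stepEscapeAware(url, delta) {
  const parts = url.split(/(%[0-9A-Fa-f]{2})/); // even index = literal text
  for (let i = parts.length - 1; i >= 0; i -= 2) {
    if (/\d/.test(parts[i])) {
      parts[i] = stepLastNumber(parts[i], delta);
      break;
    }
  }
  return parts.join("");
}

const sample = "http://example.test/gallery/7/photo%20"; // constructed URL
console.log(stepNaive(sample, 1));       // escape gets corrupted
console.log(stepEscapeAware(sample, 1)); // path number is stepped instead
```

Escapes that themselves encode digits (for example %31) are left as they are, so a number written that way is not stepped.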