The errata list is a list of errors and their corrections that were found after the product was released.

The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.

Color Key: Serious technical mistake Minor technical mistake Language or formatting error Typo Question Note Update

Version Location Description Submitted by Date submitted
ssh_version example

The example does not set the RHOSTS value. I can only assume when they were running it a previously used value was carried forward, however to run this command alone the following would need to have been run

"set RHOSTS ip_range"

where ip_range is the ip address range for the example.

aziramai  Nov 07, 2011 
snmp_login example

Syntax error in command - should read 'use scanner/snmp/snmp_login' but currently reads ' use use scanner/snmp/snmp_login'

Anonymous  Nov 07, 2011 
Printed Page 270,272,273
p. 270 para 1, p.272 item 2, p. 273 item 4

When the user attempts to login to the vulnerable web page no matter what user and password he/she uses (including the SQL injection) an SQL error is returned saying user sa cannot login.

There are two problems here, the first is that the user cannot login and the second is that the SQL injection string is incorrect.

1. User cannot login
The vulnerable web page file called web.config 4th line contains the SQL database password=password1 but on page 270 and 272 of the book the password is defined as password123. To fix this problem either open the web.config file and change password1 to password123 then save, then amend the SQL database login at login time. Alternatively amend the text in the book on the pages indicated above and use password123 instead of password1.
Long term could the publishers please amend the text accordingly.

2. SQL Injection string is incorrect, see page 273.

The SQL injection string should be changed from OR 1=1-- to
'OR 1=1--

Note this is a single quote (found on the @key) followed by a capital oh R space then 1=1 and two minus signs.

I think elswhere on some other site someone else has mentioned this so credit to him for this.

Otherwise thanks very much for an excellent book.

Paul Totton  Jul 16, 2012 
PDF Page 272
1st paragraph doesn't show any links to the resources as stated in the paragraph.

Anonymous  Jul 28, 2011 
PDF Page 273
Item 2

After configuring the vulnerable WinXP as described in Annex A, the Default.aspx file supplied in displays a "Succesfully logged into the page" immediately. There is no username/password box.

Since I'm not too familiar with ASP, any idea what's going wrong here?


Anonymous  Jul 28, 2011 
Printed Page 273
Step 4

In reference to above report, issue is just formatting.

Correct way to complete this fourth step is the following:
In User field, enter the single quote mark followed by OR 1=1--
then enter any data in password field.

(User field) 'OR 1=1--
(pwd field) asdf

For clarity, there are two dashes following the 1=1, and not a minus sign.

The printed version shows the double dash as a single character.
Outstanding book.

Anonymous  Sep 17, 2011 
Printed, PDF Page 273
Step 2

I guess I am having the same problem. I get logged in without being asked for the username and password

Anonymous  Oct 12, 2011