GAGBOX is your one source to humor and fun

07 December, 2008

MultiInjector - Automated Stealth SQL Injection Tool

MultiInjector claims to the first configurable automatic website defacement software, I’m not sure if that’s a good thing - or a bad thing.

But well here it is anyway.



Features

  • Receives a list of URLs as input

  • Recognizes the parameterized URLs from the list

  • Fuzzes all URL parameters to concatenate the desired payload once an injection is successful

  • Automatic defacement - you decide on the defacement content, be it a hidden script, or just pure old “cyber graffiti” fun

  • OS command execution - remote enabling of XP_CMDSHELL on SQL server, subsequently running any arbitrary operating system command lines entered by the user

  • Configurable parallel connections exponentially speed up the attack process - one payload, multiple targets, simultaneous attacks

  • Optional use of an HTTP proxy to mask the origin of the attacks



The author highly recommend running a HTTP sniffer such as IEInspector HTTP Analyzer in order to see all attack requests going out to the targets.

Requirements

  • Python >= 2.4

  • Pycurl (compatible with the above version of Python)

  • Psyco (compatible with the above version of Python)

You can download MultiInjector v0.2 here:

MultiInjector.py

Or read more here.

Share Your Thoughts!

0 comments:

Post a Comment

Copyright © 2013 GagBox™ is a registered trademark.

Designed by GagBox Inc. Desiged By Templateism.com. Blogger Hosting by Blogger.