MultiInjector v0.3 released

MultiInjector claims to the first configurable automatic website
defacement software.

Feature List:


  • Receives a list of URLs as input
  • Recognizes the parameterized URLs from the list
  • Fuzzes all URL parameters to concatenate the desired payload once
    an injection is successful
  • Automatic defacement - you decide on the defacement content, be it a hidden script, or just pure old "cyber graffiti" fun
  • OS command execution - remote enabling of XP_CMDSHELL on SQL
    server, subsequently running any arbitrary operating system command
    lines entered by the user
  • Configurable parallel connections exponentially speed up the attack
    process - one payload, multiple targets, simultaneous attacks
  • Optional use of an HTTP proxy to mask the origin of the attacks

Tool Submitted by Maximiliano Soler

Post scriptum

Compliance Mandates

  • Penetration testing & Ethical Hacking :

    PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Comments

Related Articles

Fuzzers
MultiInjector
Penetration testing & Ethical Hacking
Vulnerability Scanner