Friday 14 November 2008 - 758 read - ( Keywords : Fuzzers , MultiInjector , Penetration testing & Ethical Hacking , Vulnerability Scanner )
MultiInjector claims to be the first configurable automatic website defacement software.
Feature List:
Receives a list of URLs as input
Recognizes the parameterized URLs from the list
Fuzzes all URL parameters to concatenate the desired payload once an injection is successful
Automatic defacement - you decide on the defacement content, be it a hidden script, or just pure old "cyber graffiti" fun
OS command execution - remote enabling of XP_CMDSHELL on SQL server, subsequently running any arbitrary operating system command lines entered by the user
Configurable parallel connections exponentially speed up the attack process - one payload, multiple targets, simultaneous attacks
Optional use of an HTTP proxy to mask the origin of the attacks
Tool Submitted by Maximiliano Soler
POSTSCRIPTUM
COMPLIANCE MANDATES
Penetration testing & Ethical Hacking : PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2
Vulnerability Scanner : PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16 CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2
RELATED ARTICLES
14 November 2008 : MultiInjector v0.3 released