No More and 1=1 v0.3 - repository of SQLi/XSS

In order to minimize the time required to type malicious syntax and have a handy repository of it M, this small tool that we hence call No more and 1=1.

The tool comes in two flavours (so far) the stand alone version (a java app) and the Webscarab Proxy attached version, we may bundle the tool with more proxies in the near future. The tool is simple, its great value comes in the definitions file which is totally customizable.

JPEG - 28.1 kb

Standalone Version

Requirements

  • A Java Runtime Machine is required
  • Put the definitons.csv file (included in the zip file) in the same directory where this program is being run.
  • Please do edit that file according to your needs but Respect the file syntax in definitions.csv:
    Scope,category,injection
  • No commas are allowed in the scope and category names or parsing of definitions file will fail.)
  • Please respect the definitions order (sequential scope and category) or the menu will be over-populated.

Usage

  • You should use the jar file: java -jar NoMore_AND_1=1.jar or just double clic on it.
  • Navigate through the menus to select your injection.
  • Clic on your desired injection and it will copied to your systems clipboard.
  • Paste it wherever (+v).
  • Have fun apptesting and never care again of retyping the same commands over and over again.

Source Code

Webscarab Version

Requirements

  • A Java Runtime Machine is required
  • Put the definitons.csv file (included in the zip file) in the same directory where this program is being run.
  • Please do edit that file according to your needs but Respect the file syntax in definitions.csv:
    Scope,category,injection
  • No commas are allowed in the scope and category names or parsing of definitions file will fail.)
  • Please respect the definitions order (sequential scope and category) or the menu will be over-populated.

Usage

  • You should use the jar file: java -jar webscarab.jar or just double clic on it.
  • When in an injection pane right click and a contextual menu with No more menu will appear. See screenshots section.
  • Clic on your desired injection and it will copied to your systems clipboard.
  • Paste it wherever (+v).
  • Have fun apptesting and never care again of retyping the same commands over and over again.

Source Code

/src/org/owasp/webscarab/util/swing/TextComponentContextMenu.java

Tested in

  • Debian (KDE, DWM)
  • WinXP

More information: here

Post scriptum


Comments

Related Articles

Attack
Exploitation
Local auditing
No More and 1=1