MultiInjector claims to the first configurable automatic website defacement software, I’m not sure if that’s a good thing – or a bad thing.
But well here it is anyway.
- Receives a list of URLs as input
- Recognizes the parameterized URLs from the list
- Fuzzes all URL parameters to concatenate the desired payload once an injection is successful
- Automatic defacement – you decide on the defacement content, be it a hidden script, or just pure old “cyber graffiti” fun
- OS command execution – remote enabling of XP_CMDSHELL on SQL server, subsequently running any arbitrary operating system command lines entered by the user
- Configurable parallel connections exponentially speed up the attack process – one payload, multiple targets, simultaneous attacks
- Optional use of an HTTP proxy to mask the origin of the attacks
The author highly recommend running a HTTP sniffer such as IEInspector HTTP Analyzer in order to see all attack requests going out to the targets.
- Python >= 2.4
- Pycurl (compatible with the above version of Python)
- Psyco (compatible with the above version of Python)
You can download MultiInjector v0.2 here:
Or read more here.
- OAT – Oracle Auditing Tools For Database Security
- ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security
- Navy Sys Admin Hacks Into Databases From Aircraft Carrier
- MultiInjector v0.3 Released – Automatic SQL Injection and Defacement Tool
- Havij – Advanced Automated SQL Injection Tool
- BSQL Hacker – Automated SQL Injection Framework
Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 75,039 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 54,093 views
- SQLBrute – SQL Injection Brute Force Tool - 39,703 views