MultiInjector - Automated Stealth SQL Injection Tool Features * Receives a list of URLs as input * Recognizes the parameterized URLs from the list * Fuzzes all URL parameters to concatenate the desired payload once an injection is successful * Automatic defacement - you decide on the defacement content, be it a hidden script, or just pure old “cyber graffiti” fun * OS command execution - remote enabling of XP_CMDSHELL on SQL server, subsequently running any arbitrary operating system command lines entered by the user * Configurable parallel connections exponentially speed up the attack process - one payload, multiple targets, simultaneous attacks * Optional use of an HTTP proxy to mask the origin of the attacks The author highly recommend running a HTTP sniffer such as IEInspector HTTP Analyzer in order to see all attack requests going out to the targets. Requirements * Python >= 2.4 * Pycurl (compatible with the above version of Python) * Psyco (compatible with the above version of Python) Code: [URL=http://www.darknet.org.uk/2008/11/multiinjector-automated-stealth-sql-injection-tool/]http://www.darknet.org.uk/2008/11/multiinjector-automated-stealth-sql-injection-tool/[/URL]
