[WEB SECURITY] New MultiInjector tool

["Raviv Raz" <ravivr@xxxxxxxxx>]

------=_Part_41323_4861634.1224779439911
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Well folks, due to nearly 200 downloads of the first Injector,
I'm happy to announce the release of the new MultiInjector:
Successor of Injector, the first configurable automatic website defacement
software.
And what better time than on my birthday?
Thus, as my gift to the script kiddy community - hereby is the brand new
MultiInjector with its feature list:

1. Receives a list of URLs as input
2. Recognizes the parameterized URLs from the list
3. Fuzzes all URL parameters to concatenate the desired payload once an
injection is successful
4. Automatic defacement - you decide on the defacement content, be it a
hidden script, or just pure old "cyber graffiti" fun
5. OS command execution - remote enabling of XP_CMDSHELL on SQL server,
subsequently running any arbitrary operating system command lines entered by
the user
6. Configurable parallel connections exponentially speed up the attack
process - one payload, multiple targets, simultaneous attacks
7. Optional use of an HTTP proxy to mask the origin of the attacks

More on that, and downloads at:

http://chaptersinwebsecurity.blogspot.com/2008/10/multiinjector-released-automatic.html

Enjoy ;-)

Raviv.

------=_Part_41323_4861634.1224779439911
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

<div dir="ltr">Well folks, due to nearly 200 downloads of the first Injector,<br>I&#39;m happy to announce the release of the new
MultiInjector:<br>Successor of Injector, the first configurable automatic
website defacement software. <br>And what better time than on my birthday?<br>Thus, as my gift to the script kiddy community - hereby is the brand new MultiInjector with its feature list:<br><br>1.    Receives a list of URLs as input<br>
2.    Recognizes the parameterized URLs from the list<br>3.    Fuzzes all URL parameters to concatenate the desired payload once an injection is successful<br>4.    Automatic defacement - you decide on the defacement content, be it a hidden script, or just pure old &quot;cyber graffiti&quot; fun<br>
5.
OS command execution - remote enabling of XP_CMDSHELL on SQL server,
subsequently running any arbitrary operating system command lines
entered by the user<br>6. Configurable parallel connections
exponentially speed up the attack process - one payload, multiple
targets, simultaneous attacks<br>7.    Optional use of an HTTP proxy to mask the origin of the attacks<br><br>More on that, and downloads at:<br><br><a href="http://chaptersinwebsecurity.blogspot.com/2008/10/multiinjector-released-automatic.html";>http://chaptersinwebsecurity.blogspot.com/2008/10/multiinjector-released-automatic.html</a><br>
<br>Enjoy ;-)<br><br>Raviv.<br></div>

------=_Part_41323_4861634.1224779439911--