[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] MultiInjector v0.3 Released - Mass SQL Injection and Beyond

From: "Raviv Raz" <ravivr@xxxxxxxxx>
Subject: [WEB SECURITY] MultiInjector v0.3 Released - Mass SQL Injection and Beyond
Date: Thu, 13 Nov 2008 02:52:22 +0200

------=_Part_15120_13978088.1226537542279
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

You may download MultiInjector v0.3 at:

http://chaptersinwebsecurity.blogspot.com/2008/11/multiinjector-v03-released.html

New features include:

1) Automatic defacement:
Try to concatenate a string to all user-defined text fields in DB

2) Run OS shell command on DB server:
Run any OS command as if you're running a command console on the DB machine

3) Run SQL query on DB server:
Execute SQL commands of your choice

4) Enable OS shell procedure on DB:
Revive the good old XP_CMDSHELL where it was turned off
(default mode in MSSQL-2005)

5) Add administrative user to DB server with password: T0pSeKret
Automagically join the Administrators family on DB machine

6) Enable remote desktop on DB server:
Turn remote terminal services back on...

It's a more stable and field-tested version.
Hope you enjoy.

Peace in the Middle East!
Raviv Raz

------=_Part_15120_13978088.1226537542279
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

<div dir="ltr">You may download MultiInjector v0.3 at:<br><div class="gmail_quote"><div dir="ltr"><br><a href="http://chaptersinwebsecurity.blogspot.com/2008/11/multiinjector-v03-released.html"; target="_blank">http://chaptersinwebsecurity.blogspot.com/2008/11/multiinjector-v03-released.html</a><br>
<br>New features include:<br><br>1) Automatic defacement:<br>Try to concatenate a string to all user-defined text fields in DB<br><br>2) Run OS shell command on DB server:<br>Run any OS command as if you&#39;re running a command console on the DB machine<br>
<br>3) Run SQL query on DB server:<br>Execute SQL commands of your choice<br><br>4) Enable OS shell procedure on DB:<br>Revive the good old XP_CMDSHELL where it was turned off<br>(default mode in MSSQL-2005)<br><br>5) Add administrative user to DB server with password: T0pSeKret<br>
Automagically join the Administrators family on DB machine<br><br>6) Enable remote desktop on DB server:<br>Turn remote terminal services back on...<br>
<br>It&#39;s a more stable and field-tested version.<br>Hope you enjoy.<br><br>Peace in the Middle East!<br>Raviv Raz<br></div></div></div>

------=_Part_15120_13978088.1226537542279--

Prev by Date: RE: [WEB SECURITY] .NET Smart Client Technology
Next by Date: [WEB SECURITY] Fwd: hi, need help
Previous by thread: [WEB SECURITY] .NET Smart Client Technology
Next by thread: [WEB SECURITY] Fwd: hi, need help
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site