What do I do?

I am an Information Risk Consultant and Penetration Tester. I specialize mostly in penetrating secure networks/computer systems, where I simulate an organized professional attack against your organization, after which a detailed report summarizes the weaknesses and exploited vectors. This will help you gain control over your infrastructure's security and maximize your protection.

Wednesday, June 06, 2007

CHUKSFIRE SQL INJECTION TOOL

I have been busy scripting a tool that can crawl servers looking for vulnerable pages which can be exploited using SQL injection. It's written in Perl and is called chuksfire. I will be launching it soon; I will not name the day. I'm still working on the code, but it's at its BETA stage at the moment. I've been busy training, that's why it's not out yet. I will try to probe wananchi.co.ke. I will not display the vulnerable lines, though, but one thing you need to know: SQL injection can get your network compromised. This is how it works:

Starting chuksfire scan...

[*] Server: Apache/1.3.33 (Darwin) mod_jk/1.2.4 DAV/1.0.3 mod_ssl/2.8.24 OpenSSL/0.9.7i PHP/4.4.1 mod_perl/1.26
[*] Checking robots.txt...
[*] Checking 1 page on www.wananchi.co.ke for SQL injection holes...
[*] Checking index.php...
[*] Checking for possible bugs...



I will try to see if I can add some CMS bugs to the code, so as to pick up known SQL injection vulnerabilities on well-used CMSs like Joomla, XOOPS and others.

Good reading.

/Chuks

1 comment:

VicMooN said...

Can I evaluate your script tool?

Thanks