A simple plug-in based open source framework for Automation of detection and exploitation vulnerabilities such as SQL Injection, Arbitrary File Upload and Remote Code Execution. Talks demonstrates how to gain a remote shell in an SQL Injection just by one request. Also it shows that it's possible to get a reverse shell out of SQL Injection by mounting a CSRF attack which wasn't possible before this. WebRaider is written in .NET, open-source and allows users to write new attack plug-ins. It's a similar design to CORE Impact just for web applications and vulnerabilites which causes remote code execution. It's planned to be an OWASP Project, and will be publicly released in the conference among with "One Click Ownage" whitepaper which explains one request remote code execution in SQL Server. This will be an updated and more detailed version of the talk that I've presented in ITUnderground 2009. However the whitepaper, WebRaider tool and details of the talk hasn't been published yet.