Injectable Exploits: Two New Tools For Pwning Web Apps And Browsers
No ratings
Presented at OWASP Appsec 2009 by
Injectable exploits focus on the exploitation of major web flaws during penetration tests. Two new tools will be released that expand the foothold penetration testers can obtain through SQL injection and XSS flaws. These tools provide greater insight into the network hosting the web application and the networks in which the users are located. The first tool Yokoso! is an infrastructure fingerprinting system delivered via XSS attack. The second tool, Laudanum is a collection of injectable files that are prebuilt to perform various attacks within a network. The final portion of the talk will cover SamuraiWTF. SamuraiWTF is a live CD environment focused on web penetration tests. It was released during DEFCON 16 and has had four new releases since that time. Both Yokoso! and Laudanum will be included on a new version of SamuraiWTF released at DEFCON this year.