DOMinatrix is, well, incredibly awesome. It's a fully automated SQL Injection tool written in JavaScript, which will dump out data from MS SQL Server databases (more to come). I'll be demoing DOMinatrix at my Black Hat presentation. XSS + Web worm + DOMinatrix = oh crap.

In the last 5 months we've seen the development of web scanners and SQL injectors in JavaScript. These aren't browser exploits. These aren't buffer overflows. These aren't something that affects only a single browser and only on pages that don't explicitly set a character set. This is using JavaScript in perfectly valid ways to do extremely malicious things. There is no way to patch this. End users are pretty much screwed.

Here is a screenshot of DOMinatrix in action.