Hello everyone,
I’m here to publish a tool that exploits the concept of web application
worms.
It’s not a brand new thing but I hope to help sysadmins and the security
community.
Volatine Worm is a web worm for MSSQL web applications vulnerable to SQL
Injection and forces
them into executing store procedures like xp_cmdshell.
The concept of this worm is pretty simple: Find vulnerable hosts in an
automated fashion searching
in Google for URLs like:
news.asp
noticias.asp
comments.asp
…
When the worm finds a potential vulnerable application it tests if it is
flawed by simply appending
a single quote in the URL. It analyzes the error code returned to
determine if it is running MSSQL.
If it succedes to find a MSSQL, the worm issues a ‘ping’ command using
xp_cmdshell, performing
a phone home. Then you can test a lot of things like setup a ftp server
and send any file to the
vulnerable host.
Feel free to improve the code.
Download: http://www.rfdslabs.com.br/volatile.txt
rfds@gland:~/codes/volatile$ perl volatile.pl -h
Volatile [Automatic SQL Injection Exploit]
Written by rfds and hash
use volatile.pl [-h|-q
-h: print this help
-q: the magic query string [required]
-w: rounds per search [required]
-d: external device [required]
-i: the device’s ip [required]
happy hacking
rfds@gland:~/codes/volatile$
Cheers,
-Rafael Silva
Related Articles
1 user responded in this post
Granda rafa, como estao as coisas cara? Vai rolar de voce vir no Rio? Conta as novidades ae!
[]s
Leave A Reply