– added multiple MSSQL blind payload injections
– added MySQL blind payload injections
– added XSS payload injections (HTML5 also)
– added payload collection functionalityteenage-mutant-ninja-turtles : This project is fork of fuzzdb project and is about Obfuscating fuzzdb Web Application payloads
The Teenage Mutant Ninja Turtles project is three things:
A Web Application payload database (heavily based on fuzzdb project for now)
A Web Application error database (e.g. contain error messages that might return while fuzzing).
A Web Application payload mutator.
Nowadays all high profile sites found in financial and telecommunication sector use filters to filter out all types of vulnerabilities such as SQL, XSS, XXE, Http Header Injection e.t.c. In this particular project I am going to provide you with a tool to generate Obfuscated Fuzzing Injection attacks on order to bypass badly implemented Web Application injection filters (e.t.c SQL Injections, XSS Injections e.t.c).
Bypassing SQL Injection filters
The are numerous ways to by pass SQL injection filters, there even more ways to exploit them too. The most common way of evading SQL injection filters are:
- Using Case Variation
- Using SQL Comments
- Using URL Encoding
- Using Dynamic Query Execution
- Using Null Bytes
- Nesting Stripped Expressions
- Exploiting Truncation
- Using Non-Standard Entry Points
- Combine all techniques above
Find Other version |
read more in here : http://code.google.com/p/teenage-mutant-ninja-turtles/
Our post before : http://www.seclist.us/2012/09/teenage-mutant-ninja-turtles-v-15.html