DOMinatrix - The JavaScript SQL Injector

Neoteric
Topic: Technology 2:05 pm EDT, Jul 26, 2007

DOMinatrix is, well, incredibly awesome. It's a fully automated SQL Injection tool written in JavaScript, which will dump out data from MS SQL Server databases (more to come). I'll be demoing DOMinatrix at my Black Hat presentation.

XSS + Web worm + DOMinatrix = oh crap.

In the last 5 months we've seen the development of web scanners and SQL injectors in JavaScript.

These aren't browser exploits.
These aren't buffer overflows.
These aren't something that affects only a single browser and only on pages that don't explicitly set a character set.

This is using JavaScript in perfectly valid ways to do extremely malicious things.

There is no way to patch this.
End users are pretty much screwed.

Here is a screen shot of DOMinatrix in action.
