From: Rafael Silva (listas@geekworld.com.br)
Date: Mon Feb 11 2008 - 13:34:49 EST
Hello everyone,
I'm here to publish a tool that exploits the concept of web
application worms.
It's not a brand new thing but I hope to help sysadmins and the
security community.
Volatine Worm is a web worm for MSSQL web applications vulnerable to
SQL Injection and forces
them into executing store procedures like xp_cmdshell.
The concept of this worm is pretty simple: Find vulnerable hosts in an
automated fashion searching
in Google for URLs like:
news.asp
noticias.asp
comments.asp
...
When the worm finds a potential vulnerable application it tests if it
is flawed by simply appending
a single quote in the URL. It analyzes the error code returned to
determine if it is running MSSQL.
If it succedes to find a MSSQL, the worm issues a 'ping' command using
xp_cmdshell, performing
a phone home. Then you can test a lot of things like setup a ftp
server and send any file to the
vulnerable host.
Feel free to improve the code.
Download: http://www.rfdslabs.com.br/volatile.txt
rfds@gland:~/codes/volatile$ perl volatile.pl -h
Volatile [Automatic SQL Injection Exploit]
Written by rfds and hash
use volatile.pl [-h|-q <query>|-w <walk>|-d <device>|-i <ip>]
-h: print this help
-q: the magic query string [required]
-w: rounds per search [required]
-d: external device [required]
-i: the device's ip [required]
happy hacking
rfds@gland:~/codes/volatile$
Cheers,
-Rafael Silva
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:23 EDT