Showing 3 results for: January 2012 ×Tools ×

On Null Byte Poisoning and XPath Injection

Recently I released a tool called XMLmao, a configurable testbed for learning to exploit XPath injection flaws, developing new attack techniques for XPath injection flaws or simulating real-world XPath injection scenarios, similar to SQLol. Among other features, it has challenge...

Scripting Metasploit using MSGRPC

While there are many aspects of network pen testers that sets the good testers apart from the bad, three of the critical aspects are time management, data management, and tool mastery. The Metasploit Framework, a tool that is part of...

Introducing SQLol

At the most recent Austin Hackers Association meeting I unveiled a project I've been working on for a couple months now called "SQLol". I was helping a colleague to exploit an SQL injection flaw in the wild with a MySQL...