Project Description
This tool simulates an attack on your database: it updates up to 5000 rows in every table and replaces the strings in your database with random XSS attacks.

Just imagine a malicious user had direct access to your database and tried to do his best to XSS attack your site.



After you run the tool, browse your website. Given the large number of XSS scripts injected into your database, you should expect some of them to surface in the UI as potential attacks. This lets you find and encode all the places where data could surface. The tool is not intended to cover every possible scenario, so using it does not guarantee that your website is not vulnerable; however, it is yet another tool in the arsenal we need to better protect our sites.
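One way to automate the review step described above, as an added example that is not part of the tool or the original page: it assumes each string column was seeded with an inert `<xsscanary>` marker (a hypothetical format that carries the table and column name) and classifies how each marker surfaced in a rendered page. Only element-body and script contexts are covered.

```python
import html
import re
from html.parser import HTMLParser

# Inert marker seeded into a string column (hypothetical format, not the tool's own).
CANARY = re.compile(r'<xsscanary id="([\w.]+)">')

def canary(table, column):
    return f'<xsscanary id="{table}.{column}">'

class CanaryAuditor(HTMLParser):
    """Classify how each seeded canary surfaced in one rendered page."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []        # (source column, status)
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        elif tag == "xsscanary":
            # Parsed as real markup: the page wrote the value without HTML encoding.
            self.findings.append((dict(attrs).get("id"), "RAW_HTML"))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        for m in CANARY.finditer(data):
            # Text nodes arrive entity-decoded, so a match outside <script> means
            # the page encoded it; script bodies are not decoded, so a match
            # there is the raw value and needs JavaScript string encoding.
            status = "RAW_IN_SCRIPT" if self._in_script else "ENCODED"
            self.findings.append((m.group(1), status))

def audit(page):
    auditor = CanaryAuditor()
    auditor.feed(page)
    auditor.close()
    return auditor.findings

# Constructed sample page: one raw cell, one encoded cell, one script sink.
SAMPLE = ("<table><tr><td>" + canary("users", "name") + "</td><td>"
          + html.escape(canary("orders", "note")) + "</td></tr></table>"
          + '<script>var bio = "' + canary("users", "bio") + '";</script>')

if __name__ == "__main__":
    for column, status in audit(SAMPLE):
        print(f"{column:12} {status}")
```

Every `RAW_HTML` or `RAW_IN_SCRIPT` finding names the table and column whose value reached the page without context-appropriate encoding.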

For more details visit http://www.acorns.com.au/blog/?p=154

Last edited Apr 6, 2010 at 12:56 PM by CorneliuTusnea, version 3