Ardilla: New Tool for Finding SQL Injection and XSS

Three researchers -- MIT's Adam Kiezun, Stanford's Philip Guo, and Syracuse University's Karthick Jayaraman -- have developed a new tool, 'Ardilla', that automatically finds and exploits SQL injection and cross-site scripting vulnerabilities in Web applications.

It creates inputs that pinpoint bugs in Web applications and then generates SQL injection and XSS attacks. For now, Ardilla works only with PHP-based Web applications.

The researchers say Ardilla found 68 previously unknown vulnerabilities in five different PHP applications -- 23 SQL injection and 45 XSS flaws.

More information is awaited.

For their attack generation techniques, refer to their document at:

http://www.cs.washington.edu/homes/mernst/pubs/create-attacks-tr054.pdf

