A new tool (Commix) and by a Greek developer, is available to anyone who wants to test the security of their web applications, and to reveal possible vulnerabilities that could be exploited by fraudsters with injections.
The new tool, as we said earlier, is called Commix (abbreviation of [comm] and [i] njection e [x]ploiter, which aims to find bugs or vulnerabilities related to injection attacks. In other words, it is a tool that tries to use several variations of complex attack vectors to "detect" and then "exploit" command injection vulnerabilities.
Commix is written in Python, that is, it has a simple interface and can be used by web developers, penetration testers and from researchers security to test the security of their web applications. The program is only intended for security checks and the manufacturer of the program never allows its use for malicious purposes.
A successful injection attack can lead to the execution of arbitrary commands in a system that is affected by a vulnerable application. It can happen if the application does not provide sufficient input validation and passes long user commands through forms, cookies, or HTTP headers.
Using this tool, it's very easy to find and exploit a vulnerable injection command, says the developer who built it, Anastasios Stasinopoulos, in the explanatory page at GitHub.
However, though Commix is intended for testing and testing activity, it can also be used by a malicious user, just like any other security tool. Stasinopoulos warns of this and says that "you can only use it once you have been given complete consent".
The capabilities of Commix include a range of options to determine which parameters can be injected. To work the program you must have installed it Python, version 2.6.x or 2.7.x version.
Στην ιστοσελίδα του GitHub που θα κατεβάσετε και το πρόγραμμα, θα βρείτε επίσης και οδηγίες για την εγκατάσταση και τη mode of.
In order to become familiar with Commix, Stasinopoulos provides you with a number of examples. One of these is one page that is vulnerable to PHP / MySQL Web App and you can test your skills, tools, and break it as much as you want after you have the full legal license to do it ..