A new tool called Commix, written by a Greek developer, is available to anyone who wants to test the security of their Web site's Web applications and reveal vulnerabilities that injection attackers could exploit.
The new tool, as we said earlier, is called Commix (short for [comm]and [i]njection e[x]ploiter), and it aims to find bugs or weak points related to injection attacks. In other words, it is a tool that tries to "detect" and then "exploit" command injection vulnerabilities using several variants of complex attack vectors.
Commix is written in Python, has a simple interface, and can be used by web developers, penetration testers and security researchers to test the security of their web applications. The program is intended only for security testing, and its author does not permit its use for malicious purposes.
A successful injection attack can lead to the execution of arbitrary commands on a system running a vulnerable application. This can happen if the application does not validate its inputs sufficiently and passes on commands supplied by the user through forms, cookies or HTTP headers.
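The gap just described, shown in a hypothetical Python web handler as an added example (not Commix's own code or part of the original article): the unsafe pattern concatenates a parameter into a shell string, while the hardened form allow-lists the value and passes it as a separate argument with no shell involved. The `host` parameter, the request dictionary and the sample values are constructed for illustration.

```python
import re
import shlex

# Allow-list for a hostname or IPv4 address parameter (constructed policy).
HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")

# Operators a shell would interpret if the string were run with shell=True.
SHELL_OPERATORS = {";", "&", "&&", "|", "||"}


def vulnerable_command(host: str) -> str:
    """Unsafe: user input concatenated straight into a shell command line.

    Returned as a string, never executed, so the effect can be inspected.
    """
    return "ping -c 1 " + host


def shell_operators_in(command: str) -> list[str]:
    """Tokenise like a shell would and report any command separators present."""
    tokens = list(shlex.shlex(command, punctuation_chars=True))
    return [t for t in tokens if t in SHELL_OPERATORS]


def validate_host(host: str) -> str:
    """Reject anything outside the allow-list before it reaches a process."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    return host


def hardened_argv(host: str) -> list[str]:
    """Safe: validated value becomes one argv element; no shell parses it."""
    return ["ping", "-c", "1", validate_host(host)]


def host_from_request(request: dict) -> str:
    """Apply the same validation whichever channel the value arrives on.

    `request` is a constructed stand-in with 'form', 'cookies' and 'headers'
    dictionaries; the article notes all three are injection channels.
    """
    for source in ("form", "cookies", "headers"):
        value = request.get(source, {}).get("host")
        if value is not None:
            return validate_host(value)
    raise ValueError("no host parameter supplied")
```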
Using this tool, it is very easy to find and exploit a command injection vulnerability, says Anastasios Stasinopoulos, the developer who built it, on the project's GitHub page.
However, although Commix is intended for testing activity, it can also be used by a malicious user, just like any other security tool. Stasinopoulos warns of this and says that "you can only use it once you have been given complete consent".
The capabilities of Commix include a range of options for determining which parameters can be injected. To run the program you must have Python installed, version 2.6.x or 2.7.x.
On the GitHub page where the program can be downloaded, you will also find instructions for installing and running it.
To help you become familiar with Commix, Stasinopoulos provides a number of examples. One of these is a deliberately vulnerable PHP/MySQL web application page, on which you can test your skills and tools and break it as much as you want, once you have full legal permission to do so.