Under the hood of the MCIR (Magical Code Injection Rainbow) framework are several tools collected:
- SQLol let you to exploit SQL injection flaws.
- XMLmao contains XML/XPath injection flaws.
- ShelLOL allows you to exploit shell command injection flaws.
- XSSmh provides you with Cross-Site Scripting flaws.
- CryptOMG is a configurable CTF style test bed that highlights common
flaws in cryptographic implementations.
All parts allows a large amount of control over the manifestation of the flaws through various options. MCIR is the successor of the single SQLol installation which was integrated in the Fedora Security Lab Test bench.