On Tue, Dec 1, 2009 at 7:16 PM, Joe wrote:
> Hey all,
>
> Can anyone (Lisa, I'm looking in your direction) recommend a decent SQL
> injection scanner? I don't really care if it's server-side or
> client-side since it's my server, and I don't need to *exploit* the
> injection points, I just need an easy way to find them. I'd like it to
> be easy to figure out, generate output or reports that are easy to
> follow and not require too much to be installed on the server.
>
> The reason I'm looking for something is that the server on which my
> company hosts its websites has been compromised and I've been putting in
> some considerable hours trying to fix things. I've removed malicious
> scripts, fixed or removed the exploited code and changed all of our
> passwords (from ssh to mysql to user accounts).
>
> Today, I happened to catch a SQL injection scan and now I'm trying to
> look down that path some more. Basically, they used one of our (many)
> poorly escaped queries to poll password data for our site login (among
> other things). Luckily, I shut the scan down before they got the
> passwords so I didn't have to have users reset them *again*.
>
> I've cleaned up a bunch of the sql code over the past couple days, but
> I'm wondering if there's a way for me to scan for injections myself and
> attack code that is "more vulnerable" than others. I found sqlsus
> (http://sqlsus.sourceforge.net/), which looked pretty impressive, but it
> didn't run properly and it wasn't really a scanning tool so much as it
> was an exploiting tool. I also found Pixy
> (http://pixybox.seclab.tuwien.ac.at/pixy/), which looked pretty
> comprehensive, but the output looked a little intimidating. Plus, the
> little I read of the docs wasn't really clear about how to actually use it.
>
> Anything else anyone would recommend?
>
> -Joe
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

It isn't an injection scanner, but I recommend you install mod_security on your web server to help prevent these kinds of attacks. Also, do not allow external access to mysql.

A quick scan of SourceForge brought back this:

http://sourceforge.net/projects/paros/
http://sourceforge.net/projects/sqlmap/

--
JD Austin
Twin Geckos Technology Services LLC
jd@twingeckos.com
Voice: 480.288.8195x201
Fax: 480.406.6753
http://www.twingeckos.com
"Love all, trust a few." - Shakespeare
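Joe's actual ask is a cheap way to find the "poorly escaped queries" in his own source tree rather than to exploit them. The script below is an added example written for this thread, not code from either poster or from Pixy, paros or sqlmap: a small line-oriented taint checker for PHP that flags mysql_query() calls whose query text includes request data ($_GET, $_POST, $_REQUEST, $_COOKIE) or a variable assigned from it, unless that value went through mysql_real_escape_string(), intval() or an (int) cast. The PHP snippet it scans is constructed for the example; the set of sink and sanitizer names it knows is an assumption and should be extended to whatever the code base actually uses.

```python
import re

# Constructed PHP sample to scan (written for this example, not code from the thread).
SAMPLE_PHP = """<?php
$user = $_POST['user'];
$pass = $_POST['pass'];
$r1 = mysql_query("SELECT * FROM users WHERE name='$user' AND pw='$pass'");
$r2 = mysql_query("SELECT * FROM users WHERE name='" . $_GET['name'] . "'");
$safe = mysql_real_escape_string($_POST['user']);
$r3 = mysql_query("SELECT id FROM users WHERE name='$safe'");
$r4 = mysql_query("SELECT id FROM users WHERE id=" . intval($_GET['id']));
$r5 = mysql_query("SELECT COUNT(*) FROM users");
"""

# Sources of attacker-controlled input (assumed list; add $_SERVER, $_FILES etc. as needed).
SUPERGLOBAL = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
# A simple one-line assignment: $name = <expr>;
ASSIGN = re.compile(r"^\s*\$([A-Za-z_]\w*)\s*=\s*(.+);\s*$")
# The sink we care about, taken as a single-line call (multi-line calls are not handled).
QUERY_CALL = re.compile(r"mysql_query\s*\((.*)\)\s*;")
VAR_REF = re.compile(r"\$([A-Za-z_]\w*)")
# Sub-expressions treated as neutralised for SQL string/integer context (assumption of this checker).
SANITIZER = re.compile(
    r"(mysql_real_escape_string|intval)\s*\([^()]*\)|\(int\)\s*\$\w+(\[[^\]]*\])?"
)


def strip_sanitized(expr):
    """Blank out sanitizer-wrapped sub-expressions so only raw references remain."""
    return SANITIZER.sub("''", expr)


def scan_php(source):
    """Return [(line_number, reason), ...] for mysql_query() calls built from untrusted data."""
    tainted = set()   # variable names currently holding unescaped request data
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        query = QUERY_CALL.search(line)
        if query:
            raw = strip_sanitized(query.group(1))
            if SUPERGLOBAL.search(raw):
                findings.append((lineno, "request data used directly in query"))
            bad_vars = sorted(v for v in VAR_REF.findall(raw) if v in tainted)
            if bad_vars:
                findings.append(
                    (lineno, "tainted variable(s): " + ", ".join("$" + v for v in bad_vars))
                )
            continue  # a query result is not itself treated as a taint source
        assign = ASSIGN.match(line)
        if assign:
            name, rhs = assign.group(1), strip_sanitized(assign.group(2))
            # Taint propagates from superglobals and from already-tainted variables;
            # a reassignment through a sanitizer clears the mark.
            if SUPERGLOBAL.search(rhs) or any(v in tainted for v in VAR_REF.findall(rhs)):
                tainted.add(name)
            else:
                tainted.discard(name)
    return findings


if __name__ == "__main__":
    for lineno, reason in scan_php(SAMPLE_PHP):
        print("line %d: %s" % (lineno, reason))
```

Run against a real tree with something like `for f in $(find . -name '*.php'); do ...; done` feeding each file to scan_php(); the sample above yields hits on the two queries that interpolate $user/$pass and $_GET['name'] and stays quiet on the escaped, cast and constant ones. The checker is deliberately naive (one statement per line, no function-call tracking, no include following), so treat it as a triage list to prioritise which queries to rewrite first; Pixy does proper interprocedural taint analysis for PHP, and the durable fix is to move the flagged queries to prepared statements rather than to keep adding escaping calls.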