On Tue, Dec 1, 2009 at 7:16 PM, Joe <lists@joefleming.net> wrote:
Hey all,

Can anyone (Lisa, I'm looking in your direction) recommend a decent SQL
injection scanner? I don't really care if it's server-side or
client-side since it's my server, and I don't need to *exploit* the
injection points, I just need an easy way to find them. I'd like it to
be easy to figure out, generate output or reports that are easy to
follow and not require too much to be installed on the server.

The reason I'm looking for something is that the server on which my
company hosts its websites has been compromised and I've been putting in
some considerable hours trying to fix things. I've removed malicious
scripts, fixed or removed the exploited code and changed all of our
passwords (from ssh to mysql to user accounts).

Today, I happened to catch a SQL injection scan and now I'm trying to
look down that path some more. Basically, they used one of our (many)
poorly escaped queries to poll password data for our site login (among
other things). Luckily, I shut the scan down before they got the
passwords so I didn't have to have users reset them *again*.

I've cleaned up a bunch of the SQL code over the past couple days, but
I'm wondering if there's a way for me to scan for injections myself and
attack code that is "more vulnerable" than others. I found sqlsus
(http://sqlsus.sourceforge.net/), which looked pretty impressive, but it
didn't run properly and it wasn't really a scanning tool so much as it
was an exploiting tool. I also found Pixy
(http://pixybox.seclab.tuwien.ac.at/pixy/), which looked pretty
comprehensive, but the output looked a little intimidating. Plus, the
little I read of the docs wasn't really clear about how to actually use it.

Anything else anyone would recommend?

-Joe
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

It isn't an injection scanner, but I recommend you install mod_security on your web server to help prevent these kinds of attacks. Also, do not allow external access to mysql.


A quick scan of SourceForge brought back this:
http://sourceforge.net/projects/paros/
http://sourceforge.net/projects/sqlmap/

--
JD Austin
Twin Geckos Technology Services LLC
jd@twingeckos.com
Voice: 480.288.8195x201
Fax: 480.406.6753
http://www.twingeckos.com

"Love all, trust a few." - Shakespeare
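
Added example, not part of the original thread: one way to check the "do not allow external access to mysql" advice above is to read the `[mysqld]` section of the server's option file and see whether the TCP listener is limited to loopback. The function name and the sample configs are constructed for illustration; the option names `bind-address` and `skip-networking` are standard MySQL server options.

```python
import configparser
import ipaddress

def mysqld_exposure(cnf_text):
    """Return (exposed, reason) for the [mysqld] section of my.cnf-style text."""
    # configparser cannot read "!include" / "!includedir" directives; drop them.
    # Files pulled in that way can override this result and need the same check.
    lines = [l for l in cnf_text.splitlines() if not l.lstrip().startswith("!")]
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None,
                                   inline_comment_prefixes=("#",))
    cp.read_string("\n".join(lines))
    if not cp.has_section("mysqld"):
        return True, "no [mysqld] section, server default is all interfaces"
    # MySQL treats '-' and '_' in option names as equivalent.
    opts = {k.replace("_", "-"): v for k, v in cp.items("mysqld")}
    if "skip-networking" in opts:
        value = (opts["skip-networking"] or "1").strip().lower()
        if value not in ("0", "off", "false"):
            return False, "skip-networking set, no TCP listener"
    addr = (opts.get("bind-address") or "").strip()
    if not addr:
        return True, "bind-address not set, server default is all interfaces"
    if addr.lower() == "localhost":
        return False, "bound to loopback address localhost"
    try:
        if ipaddress.ip_address(addr).is_loopback:
            return False, "bound to loopback address " + addr
    except ValueError:
        pass  # wildcard '*' or a hostname: treat as reachable from outside
    return True, "bound to non-loopback address " + addr

# Constructed sample option files (not taken from the thread).
CNF_DEFAULT = "[mysqld]\nport = 3306\n!includedir /etc/mysql/conf.d/\n"
CNF_LOOPBACK = "[client]\nport = 3306\n[mysqld]\nbind_address = 127.0.0.1  # local only\n"
CNF_SOCKET_ONLY = "[mysqld]\nskip-networking\n"
CNF_WILDCARD = "[mysqld]\nbind-address = 0.0.0.0\n"

if __name__ == "__main__":
    for name, text in [("default", CNF_DEFAULT), ("loopback", CNF_LOOPBACK),
                       ("socket-only", CNF_SOCKET_ONLY), ("wildcard", CNF_WILDCARD)]:
        exposed, reason = mysqld_exposure(text)
        print(f"{name}: {'EXPOSED' if exposed else 'local only'} ({reason})")
```

A "local only" result covers the listener alone; host firewall rules and accounts granted to remote hosts are separate checks.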