Mysql Injection Scanner
JD Austin
jd at twingeckos.com
Tue Dec 1 19:27:59 MST 2009
On Tue, Dec 1, 2009 at 7:16 PM, Joe <lists at joefleming.net> wrote:
> Hey all,
>
> Can anyone (Lisa, I'm looking in your direction) recommend a decent SQL
> injection scanner? I don't really care if it's server-side or
> client-side since it's my server, and I don't need to *exploit* the
> injection points, I just need an easy way to find them. I'd like it to
> be easy to figure out, generate output or reports that are easy to
> follow and not require too much to be installed on the server.
>
> The reason I'm looking for something is that the server on which my
> company hosts its websites has been compromised and I've been putting in
> some considerable hours trying to fix things. I've removed malicious
> scripts, fixed or removed the exploited code and changed all of our
> passwords (from ssh to mysql to user accounts).
>
> Today, I happened to catch a SQL injection scan and now I'm trying to
> look down that path some more. Basically, they used one of our (many)
> poorly escaped queries to poll password data for our site login (among
> other things). Luckily, I shut the scan down before they got the
> passwords so I didn't have to have users reset them *again*.
>
> I've cleaned up a bunch of the sql code over the past could days, but
> I'm wondering if there's a way for me to scan for injections myself and
> attack code that is "more vulnerable" than others. I found sqlsus
> (http://sqlsus.sourceforge.net/), which looked pretty impressive, but it
> didn't run properly and it wasn't really a scanning tool so much as it
> was an exploiting tool. I also found Pixy
> (http://pixybox.seclab.tuwien.ac.at/pixy/), which looked pretty
> comprehensive, but the output looked a little intimidating. Plus, the
> little I read of the docs wasn't really clear about how to actually use it.
>
> Anything else anyone would recommend?
>
> -Joe
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
It isn't an injection scanner but I recommend you install mod_security on
your web server to help prevent these kinds of attacks. Also do not allow
external access to mysql.
A quick scan of source forge brought back this:
http://sourceforge.net/projects/paros/
http://sourceforge.net/projects/sqlmap/
--
JD Austin
Twin Geckos Technology Services LLC
jd at twingeckos.com
Voice: 480.288.8195x201
Fax: 480.406.6753
http://www.twingeckos.com
"Love all, trust a few." -
Shakespeare<http://feedproxy.google.com/%7Er/randomquotes/%7E3/G2PjcLJ0ONI/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20091201/f2f3c569/attachment.htm
More information about the PLUG-discuss
mailing list