Mysql Injection Scanner

Joseph Sinclair plug-discussion at stcaz.net
Tue Dec 1 20:53:59 MST 2009


It's not going to find everything, and it's definitely not a fully-automated tool, but I find the SQLInjectMe plugin for Firefox to be a very useful tool for SQL injection testing.

For more automated scanning, you might try Wikto (http://www.sensepost.com/research/wikto/), although I don't know much about it...

Joe wrote:
> Hey all,
> 
> Can anyone (Lisa, I'm looking in your direction) recommend a decent SQL 
> injection scanner? I don't really care if it's server-side or 
> client-side since it's my server, and I don't need to *exploit* the 
> injection points, I just need an easy way to find them. I'd like it to 
> be easy to figure out, generate output or reports that are easy to 
> follow and not require too much to be installed on the server.
> 
> The reason I'm looking for something is that the server on which my 
> company hosts its websites has been compromised and I've been putting in 
> some considerable hours trying to fix things. I've removed malicious 
> scripts, fixed or removed the exploited code and changed all of our 
> passwords (from ssh to mysql to user accounts).
> 
> Today, I happened to catch a SQL injection scan and now I'm trying to 
> look down that path some more. Basically, they used one of our (many) 
> poorly escaped queries to poll password data for our site login (among 
> other things). Luckily, I shut the scan down before they got the 
> passwords so I didn't have to have users reset them *again*.
> 
> I've cleaned up a bunch of the sql code over the past couple days, but 
> I'm wondering if there's a way for me to scan for injections myself and 
> attack code that is "more vulnerable" than others. I found sqlsus 
> (http://sqlsus.sourceforge.net/), which looked pretty impressive, but it 
> didn't run properly and it wasn't really a scanning tool so much as it 
> was an exploiting tool. I also found Pixy 
> (http://pixybox.seclab.tuwien.ac.at/pixy/), which looked pretty 
> comprehensive, but the output looked a little intimidating. Plus, the 
> little I read of the docs wasn't really clear about how to actually use it.
> 
> Anything else anyone would recommend?
> 
> -Joe
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 
