I've searched and found a good discussion here on SO, but it is several years old.
What programs are there, or is there a simple script I can run, to find the SQL injection holes in the URLs in my entire site?
Preferably, I'd like to run a script (PHP) or program that crawls my site, bouncing from link to link, attempting to find holes, and upon discovery, stores that URL so I have a list of URLs I need to fix.
Does this exist?
To perform this security testing, you first need to find the vulnerable parts of the system and then send malicious SQL code through them to the database. If this attack is possible for a system, the malicious SQL code will reach the database and harmful actions may be performed there.
The Mole: Another automated SQL injection exploitation tool that can detect and exploit the injection vulnerability by simply using a valid string and a vulnerable URL. The Mole uses either a boolean-query-based technique or the union technique to carry out the injection.
Which stored procedure is used to test for the SQL injection attack? Explanation: xp_regwrite writes an arbitrary value into the Registry (undocumented extended procedure).
Yes and no. First, I'll preface this by saying I'm not just posting links but have done security audits professionally using all of these tools, and not as a developer on a project but as an external resource. Note that generally sqlserver injection is different than mysql as well.
Free tools like paros proxy [crawls] (previously mentioned),
burpsuite (previously mentioned [crawls] but active attacks requires pro): http://portswigger.net/burp/
sqlninja (sqlserver only) http://sqlninja.sourceforge.net/
google rat proxy: [crawls] http://code.google.com/p/ratproxy/
websecurify: [crawls] http://www.websecurify.com/
wapiti: [crawls but takes work to set up - can be used specifically for sqli with spider] http://wapiti.sourceforge.net/
nikto: [crawls but not for sqli...]
are great! They can help you identify problems but take a great deal of human analysis due to large amounts of false positives. Commercial tools are available like:
NTOSpider (one of the best [crawls!]) : http://www.ntobjectives.com/software/ntospider
are very expensive but talking to a rep will get you a free copy for a period of time (which I have done with them). They make sorting through results faster by providing validation links in the reports but you STILL need a trained eye and analysis as I have found false positives.
Ultimately the correct answer to this question is: You can use tools to help you identify if there are security (sqli) vulnerabilities, but only a trained eye using the tools can validate them. Further, only a proper code review and analysis can identify vulnerabilities that an app (even a very good one) may miss.
Tools can help but you need human time and analysis to do this correctly. Proxies and request manglers are the real tools for hitting the app with injection and are done with careful intention of trained testers or those with a curious mind.
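As an added example (not part of the original answer or of any tool listed above), the following Python sketch supports the code-review side of that advice: it scans PHP source text and lists lines where a SQL string is built from request-derived variables, so a reviewer has a list of places to inspect. The regex heuristics, the `find_candidates` name and the sample PHP are assumptions made for this illustration.

```python
import re
from typing import NamedTuple

# Heuristic patterns (assumptions of this example, not a complete PHP parser).
SUPERGLOBAL = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
ASSIGN = re.compile(r"\s*(\$\w+)\s*=(?!=)\s*(.*);")
SQL_STRING = re.compile(r"""["'][^"']*\b(SELECT|INSERT|UPDATE|DELETE)\b""", re.I)
VARIABLE = re.compile(r"\$\w+")
INT_CAST = re.compile(r"\(int\)|\bintval\s*\(")

class Finding(NamedTuple):
    line_no: int
    variable: str
    code: str

def find_candidates(php_source: str) -> list[Finding]:
    """Flag lines that build a SQL string from request-derived variables."""
    tainted: set[str] = set()
    findings: list[Finding] = []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        assign = ASSIGN.match(line)
        expr = assign.group(2) if assign else line
        names = VARIABLE.findall(expr)
        dirty = [v for v in names if v in tainted or SUPERGLOBAL.match(v)]
        if SQL_STRING.search(expr) and dirty:
            findings.append(Finding(line_no, dirty[0], line.strip()))
        if assign:
            # An integer cast clears taint; any other use of dirty data spreads it.
            if dirty and not INT_CAST.search(expr):
                tainted.add(assign.group(1))
            else:
                tainted.discard(assign.group(1))
    return findings

# Constructed sample input, not taken from any real application.
SAMPLE = '''<?php
$id = $_GET['id'];
$page = (int)$_GET['page'];
$name = $_POST['name'];
$sql = "SELECT * FROM users WHERE id = $id";
$res = mysqli_query($db, $sql);
$list = "SELECT * FROM posts LIMIT 10 OFFSET $page";
$stmt = $pdo->prepare("SELECT * FROM users WHERE name = ?");
$stmt->execute([$name]);
mysqli_query($db, "DELETE FROM sessions WHERE token = '" . $_COOKIE['t'] . "'");
'''

if __name__ == "__main__":
    for f in find_candidates(SAMPLE):
        print(f"line {f.line_no}: {f.variable} reaches SQL text: {f.code}")
```

The output is a list of review candidates, not confirmed vulnerabilities: the line-by-line matching misses multi-line queries and custom sanitisers, so each hit still needs the human validation the answer describes.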