Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I automatically test my site for SQL injection attacks, using either a script or program? [closed]

I've searched and found a good discussion here on SO, but it is several years old.

What programs are there, or is there a simple script I can run, to find the SQL injection holes in the URLs in my entire site?

Preferably, I'd like to run a script (PHP) or program that crawls my site, bouncing from link to link, attempting to find holes, and upon discovery, stores that URL so I have a list of URLs I need to fix.

Does this exist?

like image 509
Luke Shaheen Avatar asked Mar 13 '12 14:03

Luke Shaheen


People also ask

How will you test for SQL injections?

In order to perform this Security Testing, initially, you need to find the vulnerable system parts and then send malicious SQL code through them to the database. If this attack is possible for a system, then appropriate malicious SQL code will be sent and harmful actions may be performed in the database.

What tool techniques can be used to detect and exploit SQL injection?

The Mole: Another automated SQL injection exploitation tool that can detect and exploit the injection vulnerability by simply using a valid string and a vulnerable URL. The Mole uses either a boolean-query-based technique or the union technique to carry out the injection.

Which of the stored procedure is used to test the SQL injection attack?

Which of the stored procedure is used to test the SQL injection attack? Explanation: xp_regwrite writes an arbitrary value into the Registry (undocumented extended procedure). 7.


1 Answers

Yes and no. First i'll preface this by saying I'm not just posting links but have done security audits professionally using all of these tools and not as a developer on a project but an external resource. Note that generally sqlserver injection is different than mysql as well.

Free tools like paros proxy [crawls] (previously mentioned),

burpsuite (previously mentioned [crawls] but active attacks requires pro): http://portswigger.net/burp/

sqlninja (sqlserver only) http://sqlninja.sourceforge.net/

google rat proxy: [crawls] http://code.google.com/p/ratproxy/

websecurify: [crawls] http://www.websecurify.com/

wapiti: [crawls but takes work to set up - can be used specifically for sqli with spider] http://wapiti.sourceforge.net/

nikto: [crawls but not for sqli...]

are great! They can help you identify problems but take a great deal of human analysis due to large amounts of false positives. Commercial tools are available like:

NTOSpider (one of the best [crawls!]) : http://www.ntobjectives.com/software/ntospider

are very expensive but talking to a rep will get you a free copy for a period of time (which I have done with them). They make sorting through results faster by providing validation links in the reports but you STILL need a trained eye and analysis as I have found false positives.

Ultimately the correct answer to this question is: You can use tools to help you identify if there are security (sqli) vulnerabilities but only a trained eye using the tools can validate them. Further only a proper code review and analysis can identify vulnerabilities that an app (even a very good one) may miss.

Tools can help but you need human time and analysis to do this correctly. Proxies and request manglers are the real tools for hitting the app with injection and are done with careful intention of trained testers or those with a curious mind.

like image 79
JasonG Avatar answered Sep 19 '22 23:09

JasonG