Security Basics mailing list archives
Re: Help to Automate XSS and SQL
From: "Terra Frost" <terrafrost () gmail com>
Date: Tue, 16 Dec 2008 20:12:38 -0600
If you have to brute force it, might I suggest you learn SQL injection and XSS a little better? There are but a few key characters one need use to perform XSS or SQL injection and you don't really need to brute force anything to see if those characters are being properly escaped or whatever - just inject those characters and see how they're escaped in the output. See if they result in an SQL error. If they do you have an SQL injection.

Trying to brute force by doing something like... ') UNION SELECT null # and ' OR 1=1 # is just a bad plan. The former won't work unless you have as many nulls in the second SELECT as the first SELECT has. That could, in theory, be infinitely many, so are you just going to try keep adding nulls indefinitely?

I'd recommend just trying to do something like '"zzz<!--. View the source to see where the zzz appears and what the characters around it look like. If they're not escaped you can probably do XSS. If they are... well, you can evaluate that from the context. If it's in a CSS attribute you can still do XSS with -moz-binding in Firefox 2, for instance (Firefox 3 disabled remote -moz-bindings), or in IE, with CSS expressions.

If there's an SQL error, you can probably do SQL injection and if there's not an SQL error, you probably can't (multibyte tables excluded).

On Mon, Dec 15, 2008 at 11:09 PM, Vin Oxious <vinoxious () gmail com> wrote:
Hello Friends,

Greetings of the day!!

Recently I had carried out manual test with XSS and SQL. I have tried quite a lot of the variants, but later on it was detected that it has XSS and SQL vulnerability. Since there are so many variants of XSS and SQL and cannot be tried of all those in a limited time span.

What should I do to make sure that the site doesn't have XSS and SQL? Should I try with every SQL and XSS string and use an automated brute force attack? If yes, can anyone suggest me some good tools that I can run from windows or browser (similar to tamper data, greasy monkey or any other windows tools).

Note: please don't suggest perl scripts or linux related scripts even though I would love to work upon :( Coz this is a windows environment.

Thanks in advance for sharing your experiences :)

regards,
Vinox
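
The check described in the reply above (send the probe, then read the source to see how each character came back and in what context), written out as an added example for auditing your own application's output encoding; it is not part of the original thread. The sample pages are constructed, and the names `audit` and `context_of` and the context heuristic are assumptions made for illustration.

```python
import html
import re

PROBE = "'\"zzz<!--"  # probe string quoted in the post

# Each probe character may come back raw, HTML-encoded, or not at all.
_FORMS = {
    "sq": r"'|&#0*39;|&#x0*27;|&apos;",
    "dq": r'"|&quot;|&#0*34;|&#x0*22;',
    "lt": r"<(?=!--)|&lt;|&#0*60;|&#x0*3c;",
}
_RAW = {"sq": "'", "dq": '"', "lt": "<"}
_REFLECTION = re.compile(
    "(?P<sq>{sq})?(?P<dq>{dq})?zzz(?P<lt>{lt})?".format(**_FORMS), re.I)

def context_of(before):
    """Rough guess (assumed heuristic) at the HTML context the marker landed in."""
    low = before.lower()
    if low.rfind("<script") > low.rfind("</script"):
        return "script"
    if low.rfind("<") > low.rfind(">"):  # still inside an open tag
        if re.search(r"style\s*=\s*[\"'][^\"']*$", low):
            return "css-attribute"
        return "attribute"
    return "text"

def audit(page):
    """For each reflection of the marker, report how the probe characters came back."""
    findings = []
    for m in _REFLECTION.finditer(page):
        state = {}
        for name, raw in _RAW.items():
            got = m.group(name)
            state[name] = "stripped" if got is None else "raw" if got == raw else "encoded"
        ctx = context_of(page[:m.start()])
        # In element text only a raw '<' matters. HTML-encoding is the wrong
        # encoding for CSS and script contexts, so those always need a human look.
        # A delimiter sitting directly before a stripped probe also reads as raw.
        relevant = ["lt"] if ctx == "text" else ["sq", "dq", "lt"]
        review = ctx in ("css-attribute", "script") or any(state[k] == "raw" for k in relevant)
        findings.append({"context": ctx, "state": state, "needs_review": review})
    return findings

# Constructed sample responses (not from the original thread).
ENCODED_PAGE = "<p>You searched for " + html.escape(PROBE) + "</p>"
RAW_ATTR_PAGE = '<input name="q" value="' + PROBE + '">'
CSS_PAGE = '<div style="color:' + html.escape(PROBE) + '">x</div>'
```

`audit(CSS_PAGE)` is flagged even though every character is HTML-encoded, which is the post's point that escaped output still has to be judged by the context it lands in.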