Security Basics mailing list archives
RE: Help to Automate XSS and SQL
From: Paul Petersen <P.Petersen () F5 com>
Date: Wed, 17 Dec 2008 07:35:46 -0800
Security Compass has a couple of nifty plugins to test for XSS and SQL injection for firefox- They have a list of the most common tests and you can set it up to scan the site as you are using it- You can find them on the firefox plugins site. Not sure how automatable that is. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Vin Oxious Sent: Monday, December 15, 2008 9:10 PM To: security-basics () securityfocus com Subject: Help to Automate XSS and SQL Hello Friends, Greetings of the day !! .. Recently I had carried out manual test with XSS and SQL. I have tried quite a lot of the variants.. but later on it was detected that it has XSS and SQL vulnerability. Since there are so many variants of XSS and SQL and cannot be tried of all those in a limited time span. What should I do to make sure that the site doesn't have XSS and SQL. Should I try with every SQL and XSS string. and use a automated brute force attack .. If yes .. can anyone suggest me some good tools that I can run from windows or browser ( similar to tamper data ,greasy monkey or any other windows tools ). Note : please don't suggest perl scripts or linux related scripts even though I would love to work upon :( Coz this is a windows environment. Thanks in advance for sharing your experiences :) regards, Vinox
Current thread:
- Help to Automate XSS and SQL Vin Oxious (Dec 16)
- Re: Help to Automate XSS and SQL RĂ©mi LAURENT (Dec 17)
- RE: Help to Automate XSS and SQL Paul Petersen (Dec 17)
- Re: Help to Automate XSS and SQL Michael Boman (Dec 17)
- Re: Help to Automate XSS and SQL Terra Frost (Dec 17)
- Re: Help to Automate XSS and SQL Marco M. Morana (Dec 18)
- <Possible follow-ups>
- Re: Re: Help to Automate XSS and SQL viveksilla (Dec 18)
- Re: Re: Help to Automate XSS and SQL p4ssion (Dec 19)