Security Basics mailing list archives

Re: Help to Automate XSS and SQL

From: "Michael Boman" <michael.boman () gmail com>
Date: Tue, 16 Dec 2008 20:03:57 +0100

Try the fuzzer module in WebScarab
(http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project), or
wfuzz (http://www.edge-security.com/wfuzz.php). Neither of them are
available as a browser plugin, but WebScarab is written in Java so it
runs anywhere there is a suitable JVM, and wfuzz has win32 binaries
available.

Best regards
Michael Boman

On Tue, Dec 16, 2008 at 6:09 AM, Vin Oxious <vinoxious () gmail com> wrote:

Hello Friends,

              Greetings of the day !! .. Recently I had carried out
manual test with XSS and SQL. I have tried quite a lot of the
variants.. but later on it was detected that it has XSS and SQL
vulnerability.

Since there are so many variants of XSS and SQL and cannot be tried of
all those in a limited time span. What should I do to make sure that
the site doesn't have XSS and SQL.

Should I try with every SQL and XSS string. and use a automated brute
force attack .. If yes .. can anyone suggest me some good tools that I
can run from windows or browser ( similar to tamper data ,greasy
monkey or any other windows tools ).

Note : please don't suggest perl scripts or linux related scripts even
though I would love to work upon :(  Coz this is a windows
environment.


Thanks in advance for sharing your experiences :)

regards,
Vinox




-- 
http://michaelboman.org - Security Blog & Wiki

Current thread:

Help to Automate XSS and SQL Vin Oxious (Dec 16)
- Re: Help to Automate XSS and SQL Rémi LAURENT (Dec 17)
- RE: Help to Automate XSS and SQL Paul Petersen (Dec 17)
- Re: Help to Automate XSS and SQL Michael Boman (Dec 17)
- Re: Help to Automate XSS and SQL Terra Frost (Dec 17)
  - Re: Help to Automate XSS and SQL Marco M. Morana (Dec 18)
- <Possible follow-ups>
- Re: Re: Help to Automate XSS and SQL viveksilla (Dec 18)
  - Re: Re: Help to Automate XSS and SQL p4ssion (Dec 19)