Nmap Development mailing list archives

Re: [NSE] SQL Injection

From: Arturo 'Buanzo' Busleiman <buanzo () buanzo com ar>
Date: Thu, 19 Jul 2007 09:12:38 -0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Eddie Bell wrote:

I've added an experimental SQL Injection script to SVN. It spiders a
http server looking for URLs containing queries. It then proceeds to
combine crafted SQL commands with susceptible urls in order to obtain
errors. The errors are analysed to see if the url is vulnerable to
attack


/me gapes in awe

- --
Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica
SHOW DE FUTURABANDA - Sabado 18 de Agosto 2007 (Speed King, Capital Federal)
Entradas anticipadas a traves de www.futurabanda.com.ar - Punk Rock Melodico


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGn1U1AlpOsGhXcE0RCsurAJ42YBIxHCPve+qGN/NtuF7EDYnoCACeLpAT
+CBEztrTzT2zfcmvzL1xGmM=
=6Lop
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

[NSE] SQL Injection Eddie Bell (Jul 19)
- [NSE] SQL Injection Eddie Bell (Jul 19)
- Re: [NSE] SQL Injection Arturo 'Buanzo' Busleiman (Jul 19)