Penetration Testing mailing list archives

Re: SQL injections and connections to a DB

From: Felipe Balbi <felipebalbi () yahoo com>
Date: Wed, 13 Jul 2005 05:09:10 -0700 (PDT)

I think nikto will serve your purposes.
It's a perl script used to test web servers, very
effective.

Felipe Balbi

--- Mike Tupker <mtupker () gmail com> wrote:

We have a IIS web server setup on our DMZ with a
connection to our DB
server which is running MS SQL server 7. Does anyone
know of a program
that will check the code in a web page for
vulnerabilities such as SQL
injections, overflows, or anything else that I might
not be aware of?
Basically, I would like to know if there is any way
for someone to use
the server on the DMZ to get to the DB server and
cause damage.

 

Thanks in advance,

Mike Tupker



[]'s

Felipe Balbi
Cel: (92) 8127-0839 
e-mail: felipebalbi () yahoo com
        felipebalbi () adarinfo com br

"Imagination is more important than knowledge."
                                Albert Einstein


                
__________________________________ 
Yahoo! Mail 
Stay connected, organized, and protected. Take the tour: 
http://tour.mail.yahoo.com/mailtour.html

Current thread:

SQL injections and connections to a DB Mike Tupker (Jul 12)
- Re: SQL injections and connections to a DB Tibor Csonka (Jul 13)
- Re: SQL injections and connections to a DB Felipe Balbi (Jul 13)
  - Re: SQL injections and connections to a DB Dean H. Saxe (Jul 15)