Penetration Testing mailing list archives

Re: Help to Automate XSS and SQL


From: "Zack Payton" <zpayton () gmail com>
Date: Tue, 16 Dec 2008 17:12:35 -0600

Vin,

You are aware that perl runs on more platforms than just *nix, right?
Create a list of all the possible inputs (search boxes, user agent
field, login boxes, password boxes).
Once you have a comprehensive list, you have a good idea of the
possible inputs that you can manipulate.
Then you can start trying various JavaScript and SQL inputs to attempt
to get some non-standard response.
This is far from comprehensive, but it should get you started in the
right direction.
Best of luck!
Z


On Mon, Dec 15, 2008 at 11:09 PM, Vin Oxious <vinoxious () gmail com> wrote:
Hello Friends,

Greetings of the day! Recently I carried out a manual test with XSS
and SQL. I tried quite a lot of the variants, but later on it was
detected that it has XSS and SQL vulnerabilities.

Since there are so many variants of XSS and SQL, I cannot try all of
them in a limited time span. What should I do to make sure that the
site doesn't have XSS and SQL?

Should I try every SQL and XSS string and use an automated brute
force attack? If yes, can anyone suggest some good tools that I can
run from Windows or a browser (similar to Tamper Data, Greasemonkey
or any other Windows tools)?

Note: please don't suggest Perl scripts or Linux-related scripts, even
though I would love to work on them :( because this is a Windows
environment.


Thanks in advance for sharing your experiences :)

regards,
Vinox

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
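Zack's procedure above (list every input, then feed each one JavaScript and SQL probes and watch for a non-standard response) in working form, as an added example that is not part of either message in this thread. It is written in Python rather than Perl because Python also runs on Windows, which is what Vin asked for. The target `FakeApp`, its two forms, the canary `zq7x`, the database-error patterns and the `send(action, params, headers)` interface are all constructed here for the demonstration; against a real site `send` would be a small wrapper around `urllib.request` that submits the form and returns the body.

```python
import html
import re
import sqlite3
from html.parser import HTMLParser


# --- Step 1: enumerate the inputs ------------------------------------------

class FormCollector(HTMLParser):
    """Collect each <form> together with the names of the fields inside it."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action", ""),
                             "method": (a.get("method") or "get").lower(),
                             "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "textarea", "select") and self._current and a.get("name"):
            self._current["fields"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def enumerate_inputs(page):
    """Return [{'action', 'method', 'fields'}, ...] for every form on the page."""
    p = FormCollector()
    p.feed(page)
    return p.forms


# --- Step 2: probes and response classification -----------------------------

CANARY = "zq7x"                        # marker that will not occur in a normal page
PROBES = {
    "xss": CANARY + "<\"'>",           # comes back unencoded => script injection possible
    "sql": "'",                        # unbalanced quote => error from a concatenated query
}
# Error fragments from common engines (SQLite, MySQL, PostgreSQL, MSSQL, Oracle); assumed list.
SQL_ERROR_RE = re.compile(
    r"unrecognized token|error in your SQL syntax|unterminated quoted string"
    r"|Unclosed quotation mark|ORA-\d{5}", re.IGNORECASE)


def classify(body):
    """Flag a response that differs from normal in a way that hints at a bug."""
    hits = set()
    if PROBES["xss"] in body:          # the <, " and ' were reflected verbatim
        hits.add("xss-reflected")
    if SQL_ERROR_RE.search(body):
        hits.add("sql-error")
    return hits


# --- Step 3: drive every input with every probe -----------------------------

def scan(send, page):
    """send(action, params, headers) -> body. Probe each form field and the User-Agent."""
    points = [(f["action"], name) for f in enumerate_inputs(page) for name in f["fields"]]
    points.append(("header", "User-Agent"))
    findings = {}
    for action, name in points:
        for probe in PROBES.values():
            if action == "header":
                body = send("/", {}, {name: probe})
            else:
                body = send(action, {name: probe}, {"User-Agent": "probe"})
            hits = classify(body)
            if hits:
                findings.setdefault((action, name), set()).update(hits)
    return findings


# --- Constructed stand-in for the target (no network needed) ----------------

class FakeApp:
    """Deliberately vulnerable toy site: /search reflects q raw, /login concatenates SQL."""
    PAGE = ('<form action="/search" method="get"><input name="q"></form>'
            '<form action="/login" method="post"><input name="user">'
            '<input name="pass" type="password"></form>')

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE users (name TEXT)")
        self.db.execute("INSERT INTO users VALUES ('alice')")

    def send(self, action, params, headers):
        if action == "/search":
            return "<p>Results for %s</p>" % params.get("q", "")        # no escaping: XSS
        if action == "/login":
            user = params.get("user", "")
            try:                                                         # string-built query: SQLi
                row = self.db.execute("SELECT name FROM users WHERE name = '%s'" % user).fetchone()
            except sqlite3.Error as e:                                   # and the error is shown
                return "<p>Database error: %s</p>" % html.escape(str(e))
            return "<p>Welcome %s</p>" % html.escape(row[0] if row else "guest")
        return "<p>Browser: %s</p>" % html.escape(headers.get("User-Agent", ""))


if __name__ == "__main__":
    app = FakeApp()
    for point, hits in sorted(scan(app.send, app.PAGE).items()):
        print(point, sorted(hits))
```

Run stand-alone it reports `q` on `/search` as reflecting the probe unencoded and `user` on `/login` as leaking a database error, while `pass` and the User-Agent header (both escaped or unused) stay quiet. The canary approach is what keeps the brute-force manageable: one marker plus the handful of characters that must be encoded tells you whether a field is worth the full payload list, which is the expensive part Vin was worried about.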


