Penetration Testing mailing list archives

Re: Checking for SQL Injection


From: "Bruno Guerreiro Diniz" <bruno.diniz83 () gmail com>
Date: Wed, 3 Sep 2008 19:00:26 -0200

Dear Basha,

You can try one of them: W3AF, Nikto, Accunetix.
W3AF and Nikto are FREE but Accunetix is not!

2008/9/3 Basha, Arif <abasha () apa org>

What tool did you use for SQL Injection vulnerability scanning?

I am looking for one or more tools for this purpose.  Maybe others can
respond with any suggestions/comments.

Thanks.


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Serg B
Sent: Tuesday, September 02, 2008 8:51 PM
To: GT GERONIMO, Frederick Joseph B.
Cc: pen-test () securityfocus com
Subject: Re: Checking for SQL Injection

On a side note - you may want to suggest to the client (I hope it's a
client) to disable Apache product tokens, and PHP reveal self
directives.  Headers appear to give away lots of potentially sensitive
information.

On Mon, Sep 1, 2008 at 6:35 PM, GT GERONIMO, Frederick Joseph B.
<fbgeronimo () globetel com ph> wrote:
Hello,

I ran a tool to verify if a website had SQL Injection. The tool detected
Blind SQL Injection vulnerability. I have pasted the request and
response below.

Would you say that the tool's evaluation is accurate?

Is there anything that the web application can be doing to make this a
false-positive?

Thanks.


HTTP REQUEST
============

GET /prototype03/vulnerable.php?vid=zJrt&act=viewed&page=0.01 HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: www.victim.com
Authorization: Basic dTI0Y29tcGg6PCEzIzw3PjlBQnVu
Cookie: PHPSESSID=b4499547c0c4f399ba649181d5e67f5c;vid11=6512bd43d9caa6e02c990b0a82652dca;vid2=c81e728d9d4c2f636f067f89cc14862c;vid4=a87ff679a2f3e71d9181a67b7542122c;vid8=c9f0f895fb98ab9159f51fd0297e236d;vid9=45c48cce2e2d7fbdea1afc51c7c6ad26;vid7=8f14e45fceea167a5a36dedd4bea2543
Connection: Close
Pragma: no-cache


HTTP RESPONSE
=============

HTTP/1.1 200 OK
Date: Fri, 29 Aug 2008 10:00:08 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.6
X-Powered-By: PHP/5.2.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html

This e-mail message (including attachments, if any) is intended for
the use of the individual or the entity to whom it is addressed and may
contain information that is privileged, proprietary, confidential and
exempt from disclosure. If you are not the intended recipient, you are
notified that any dissemination, distribution or copying of this
communication is strictly prohibited. If you have received this
communication in error, please notify the sender and delete this E-mail
message immediately.


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar

------------------------------------------------------------------------







--
Regards,

Bruno Guerreiro Diniz
Information Security Consultant
LPIC-1
-------------------------------------------------------------------
WebSite: http://www.portal.datasec.com.br
-------------------------------------------------------------------
E-mail / MSN / GTalk: bruno.diniz83 () gmail com
Skype / ooVoo: bruno.diniz83

This message may contain confidential and/or privileged information.
If you are not the addressee or authorized to receive this for the
addressee, you must not use, copy, disclose or take any action based
on this message or any information herein. If you have received this
message in error, please advise the sender immediately by reply e-mail
and delete this message. Thank you for your cooperation.


