
Top 15 Free SQL Injection Scanners 103

J.R writes "The Security-Hacks blog has a summary of the 15 best free SQL Injection scanners, with links to download and a little information about each one. The list is intended as an aid for both web application developers and professional security auditors."
  • by koh ( 124962 ) on Sunday May 20, 2007 @03:32AM (#19196457) Journal
    The DB interface in PHP5 supports positional arguments AFAIK. Now, if only the service providers would switch to PHP5, there would be fewer problems. Unfortunately, it seems that, at least here, the major providers are still stuck in PHP4-for-compatibility-with-existing-apps mode.

  • by mabinogi ( 74033 ) on Sunday May 20, 2007 @04:42AM (#19196665) Homepage
    It's the completely wrong answer to the problem though, as it still promotes the idea of using SQL built by string concatenation.
    The result being that SQL injection is only one forgotten function call away.
  • by MickDownUnder ( 627418 ) on Sunday May 20, 2007 @05:20AM (#19196761)
    SQL injection attacks target code in which sql statements are dynamically created.

    e.g.

    'select * from employees where fullName like ' + mySQLInjectedInputFromUser

    where mySQLInjectedInputFromUser has been assigned a value entered by the user:

    Fred Flinstone; GO; delete employees; GO
  • Validating Input (Score:2, Informative)

    by mtjo ( 1080513 ) on Sunday May 20, 2007 @10:30AM (#19198095)
    Validating input prevents a lot of problems. Prepared queries help but can still be exploited in poorly written statements. As in the classic SELECT query example, "where id=23 OR 1=1", using a datatype test as well as testing for null values for a $_GET or $_POST parameter before executing the query would throw back an error if expecting an unsigned integer.
  • by thewils ( 463314 ) on Sunday May 20, 2007 @10:40AM (#19198159) Journal
    ...was in conjunction with an error page which displayed the results of failed SQL.

    I was able to change an innocuous 'select ... from catalog where section=1' into 'select ... from catalog where section=(select password from users where id=1)'.

    This was nicely reported back to me as a SQL error stating that SQL was unable to convert "sdfsdfsdfsdf" into an integer, where "sdfsdfsdfsdf" was user id 1's password. I reported the problem to the site's owners, and it was still a month before they fixed it.

    Moral of story - don't show the users any SQL errors, it gives them far too much information.
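The points raised across the comments above, pulled together as an added example (not from the linked article or from any of the posters): the concatenated query MickDownUnder describes, mtjo's datatype test, the positional parameters koh mentions, and thewils's advice to never echo SQL errors, all in one Python/sqlite3 script. The catalog/users tables and their rows are constructed sample data.

```python
import re
import sqlite3

# Constructed sample schema standing in for the catalog/users tables from the thread.
SCHEMA = """
CREATE TABLE catalog (id INTEGER PRIMARY KEY, section INTEGER, name TEXT);
CREATE TABLE users (id INTEGER PRIMARY KEY, password TEXT);
INSERT INTO catalog VALUES (1, 1, 'Widgets'), (2, 2, 'Gadgets'), (3, 3, 'Gizmos');
INSERT INTO users VALUES (1, 'sdfsdfsdfsdf');
"""


def make_db():
    """Build an in-memory database holding the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_lookup(conn, section):
    """The anti-pattern: SQL text built by string concatenation.

    Whatever the user typed becomes part of the statement, so "1 OR 1=1"
    turns a one-section lookup into a dump of the whole table."""
    sql = "SELECT name FROM catalog WHERE section=" + section
    return [row[0] for row in conn.execute(sql)]


def safe_lookup(conn, section):
    """Datatype test first, then a positional parameter.

    The value is bound by the driver and never becomes SQL text, so the
    injected subquery or "OR 1=1" has nowhere to go."""
    if re.fullmatch(r"[0-9]{1,9}", section) is None:
        raise ValueError("section must be an unsigned integer")
    sql = "SELECT name FROM catalog WHERE section=?"
    return [row[0] for row in conn.execute(sql, (int(section),))]


def handle_request(conn, section):
    """Web-layer wrapper returning (status, body).

    Bad input gets a 400 with a generic reason; a database failure gets a
    500 with a fixed message, so no SQL error text reaches the client."""
    try:
        return 200, safe_lookup(conn, section)
    except ValueError as exc:
        return 400, str(exc)
    except sqlite3.Error:
        # Real code logs the exception server-side; the client sees only this.
        return 500, "internal error"
```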
