Top 15 Free SQL Injection Scanners
J.R writes "The Security-Hacks blog has a summary of the 15 best free SQL Injection scanners, with links to download and a little information about each one. The list is intended as an aid for both web application developers and professional security auditors."
The DB interface in PHP5 supports positional arguments AFAIK. Now, if only the service providers would switch to PHP5, there would be fewer problems. Unfortunately, it seems that, at least here, the major providers are still stuck in PHP4-for-compatibility-with-existing-apps mode.
Karma cannot be described by words alone.
It's the completely wrong answer to the problem though, as it still promotes the idea of using SQL built by string concatenation.
The result being that SQL injection is only one forgotten function call away.
Advanced users are users too!
SQL injection attacks target code in which sql statements are dynamically created.
e.g.
'select * from employees where fullName like ' + mySQLInjectedInputFromUser
where mySQLInjectedInputFromUser has been assigned a value entered by the user:-
Fred Flinstone; GO; delete employees; GO
Validating input prevents a lot of problems. Prepared queries help but can still be exploited in poorly written statements. As in the classic SELECT query example, "where id=23 OR 1=1", using a datatype test as well as testing for null values for a $_GET or $_POST parameter before executing the query would throw back an error if expecting an unsigned integer.
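An added example (not from any commenter) of the two defences this comment describes, written in Python with sqlite3 standing in for the PHP database layer: the concatenated query that "23 OR 1=1" widens, the unsigned-integer datatype test that rejects it before the query runs, and a bound parameter that treats the same text as a plain value. The table, names and ids are constructed.

```python
import sqlite3

def make_db():
    """Constructed sample table in the style of the thread's 'employees' example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, fullName TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)",
                     [(23, "Fred Flintstone", 100), (24, "Barney Rubble", 90), (25, "Wilma Flintstone", 110)])
    return conn

def lookup_concat(conn, raw_id):
    """The pattern the thread warns about: SQL built by string concatenation.
    The caller's text becomes part of the statement, so 'OR 1=1' widens the WHERE clause
    and the query returns every row instead of one."""
    sql = "SELECT id, fullName FROM employees WHERE id=" + raw_id
    return conn.execute(sql).fetchall()

def parse_unsigned_int(raw):
    """Datatype test from the comment: reject a missing/null parameter and anything
    that is not all digits before the database is touched."""
    if raw is None or not raw.isdigit():
        raise ValueError("expected an unsigned integer, got %r" % (raw,))
    return int(raw)

def rejects(raw):
    """True if the datatype test refuses this parameter value."""
    try:
        parse_unsigned_int(raw)
    except ValueError:
        return True
    return False

def lookup_safe(conn, raw_id):
    """Validate first, then bind the value as a query parameter: it is never parsed as SQL."""
    emp_id = parse_unsigned_int(raw_id)
    return conn.execute("SELECT id, fullName FROM employees WHERE id=?", (emp_id,)).fetchall()

def lookup_bound_only(conn, raw_value):
    """Parameter binding alone: the whole string is compared as a value, so the
    injected text matches no row rather than rewriting the WHERE clause."""
    return conn.execute("SELECT id, fullName FROM employees WHERE id=?", (raw_value,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(lookup_concat(db, "23 OR 1=1"))     # all three rows leak
    print(rejects("23 OR 1=1"))               # True
    print(lookup_bound_only(db, "23 OR 1=1")) # []
```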
...was in conjunction with an error page which displayed the results of failed SQL.
I was able to change an innocuous 'select ... from catalog where section=1' into 'select ... from catalog where section=(select password from users where id=1)'.
This was nicely reported back to me as a SQL error stating that SQL was unable to convert "sdfsdfsdfsdf" into an integer, where "sdfsdfsdfsdf" was user id 1's password. I reported the problem to the site's owners, and it was still a month before they fixed it.
Moral of story - don't show the users any SQL errors, it gives them far too much information.
Once I was a four stone apology. Now I am two separate gorillas.