Top 15 Free SQL Injection Scanners
J.R writes "The Security-Hacks blog has a summary of the 15 best free SQL Injection scanners, with links to download and a little information about each one. The list is intended as an aid for both web application developers and professional security auditors."
It's the completely wrong answer to the problem though, as it still promotes the idea of using SQL built by string concatenation.
The result being that SQL injection is only one forgotten function call away.
Advanced users are users too!
SQL injection attacks target code in which SQL statements are dynamically created.
e.g.
'select * from employees where fullName like ' + mySQLInjectedInputFromUser
where mySQLInjectedInputFromUser has been assigned a value entered by the user:-
Fred Flinstone; GO; delete employees; GO
...was in conjunction with an error page which displayed the results of failed SQL.
I was able to change an innocuous 'select ... from catalog where section=1' into 'select ... from catalog where section=(select password from users where id=1)'.
This was nicely reported back to me as a SQL error stating that SQL was unable to convert "sdfsdfsdfsdf" into an integer, where "sdfsdfsdfsdf" was user id 1's password. I reported the problem to the site's owners, and it was still a month before they fixed it.
Moral of the story: don't show the users any SQL errors; it gives them far too much information.
Once I was a four stone apology. Now I am two separate gorillas.
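The two defensive points raised in the comments above (use parameters instead of string concatenation, and never echo the database's own error text to the user) are easier to see side by side. The following is an added example written for this page; it is not code from the submission, the blog post or any commenter. It assumes a throwaway in-memory SQLite database whose employees, users and catalog tables, rows and secret value are all constructed here to mirror the queries quoted in the comments; the function names are the author's own.

```python
import logging
import sqlite3

log = logging.getLogger("catalog")

GENERIC_ERROR = "The request could not be processed."


def make_db():
    """Constructed sample data: an in-memory SQLite database shaped like the
    tables the comments above mention (employees, users, catalog)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER, fullName TEXT)")
    conn.executemany(
        "INSERT INTO employees VALUES (?, ?)",
        [(1, "Fred Flintstone"), (2, "Barney Rubble")],
    )
    conn.execute("CREATE TABLE users (id INTEGER, password TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'constructed-secret')")  # constructed value
    conn.execute("CREATE TABLE catalog (name TEXT, section INTEGER)")
    conn.executemany(
        "INSERT INTO catalog VALUES (?, ?)", [("Widget", 1), ("Gadget", 2)]
    )
    return conn


def find_employees_unsafe(conn, pattern):
    """VULNERABLE: the query text is built by concatenating user input,
    exactly the 'like ' + mySQLInjectedInputFromUser pattern quoted above.
    A quote in the input ends the literal and the rest becomes SQL."""
    sql = "select fullName from employees where fullName like '" + pattern + "'"
    return [row[0] for row in conn.execute(sql)]


def find_employees_safe(conn, pattern):
    """Parameterised: the driver sends the pattern as a bound value, so it
    can only ever be matched as a LIKE pattern, never parsed as SQL."""
    sql = "select fullName from employees where fullName like ?"
    return [row[0] for row in conn.execute(sql, (pattern,))]


def catalog_section_unsafe_verbose(conn, section):
    """VULNERABLE twice over: concatenated SQL, and the raw database error
    handed straight back to the caller (the 'error page' in the story above)."""
    try:
        rows = conn.execute("select name from catalog where section=" + section)
        return [row[0] for row in rows]
    except sqlite3.Error as exc:
        return str(exc)  # leaks the engine's message, and with it query internals


def catalog_section_safe(conn, section):
    """Hardened: validate the type before it reaches SQL, bind it as a
    parameter, and on any failure log the detail server-side while the
    user sees only a fixed generic message."""
    try:
        section_id = int(section)  # a non-numeric section is rejected here
        rows = conn.execute(
            "select name from catalog where section=?", (section_id,)
        )
        return True, [row[0] for row in rows]
    except (ValueError, sqlite3.Error) as exc:
        log.warning("catalog lookup failed for input %r: %r", section, exc)
        return False, GENERIC_ERROR


if __name__ == "__main__":
    db = make_db()
    probe = "' union select password from users where id=1 --"
    print("unsafe, normal input :", find_employees_unsafe(db, "Fred%"))
    print("unsafe, injected     :", find_employees_unsafe(db, probe))
    print("safe,   injected     :", find_employees_safe(db, probe))
    print("verbose error leak   :", catalog_section_unsafe_verbose(db, "1'"))
    print("generic error        :", catalog_section_safe(db, "1'"))
```

Run stand-alone, the unsafe lookup returns the users table's secret for the quoted probe while the parameterised version treats the same string as a harmless pattern and matches nothing; the verbose catalog handler returns SQLite's own parser message for a stray quote, whereas the hardened one returns the same generic text for every failure and keeps the detail in the log.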