Finding SQL Injection in your website
Thanks for visiting! If you're new here, you may want to subscribe to my Rss Feed. This blog posts regular Internet news, updates for apps, security, ideas, hacks, quick fixes and everything about hi-tech. Go ahead, subscribe to our feed!
A really good software that I want to show you today is Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr is lightning fast and uses our intelligent engine technology to dynamically craft SQL Injection attacks on the fly. It can even provide proof positive results by displaying the type of backend database in use and a list of available table names. There is no denying you have SQL Injection when I can show you table names!
Technical details for Scrawlr
- Identify Verbose SQL Injection vulnerabilities in URL parameters
- Can be configured to use a Proxy to access the web site
- Will identify the type of SQL server in use
- Will extract table names (verbose only) to guarantee no false positives
This blog is about Hacks, Tips and Free Resourses for the Word Wide Web. Comments are welcome! Feel free to 
lirent.net