Crawling + SQL Injection With Scrawlr

June 24, 2008 by Eliot 3 Comments

Scrawlr is the latest tool to come out of HP’s Web Security Research Group. It was built in response to the massive number of SQL injection attacks happening on the web this year. Most of these vulnerable sites are found through googling, so Scrawlr works the same way. Point it at your web server and it will crawl all of the pages and evaluate the URL parameters to see if they’re vulnerable to verbose injection. It reports the SQL server and table names if it comes across anything.

It only supports 1500 pages right now and can’t do authentication or blind injection. It’s still a free tool and a great way to identify if your site is vulnerable to automated tools finding you website via search engines.

[via Acidus]

Exploit-Me Firefox XSS And SQL Scanning Addon

June 14, 2008 by Eliot 7 Comments

[youtube=http://www.youtube.com/watch?v=RbL2ptbjoSA&hl=en&rel=0&color1=0x3a3a3a&color2=0x999999]
One of the best tools we saw at LayerOne was the Exploit-Me series presented by [Dan Sinclair]. Security Compass created these tools to help developers easily identify cross site scripting (XSS) and SQL injection vulnerabilities.

Continue reading “Exploit-Me Firefox XSS And SQL Scanning Addon” →

Hackaday

sqlinjection

2 Articles

Crawling + SQL Injection With Scrawlr

Exploit-Me Firefox XSS And SQL Scanning Addon

Search

Never miss a hack

If you missed it

Mining And Refining: Uranium And Plutonium

Programming Ada: First Steps On The Desktop

The Hunt For MH370 Goes On With Barnacles As A Lead

MXM: Powerful, Misused, Hackable

VCF East 2024 Was Bigger And Better Than Ever

Our Columns

Keebin’ With Kristina: The One With The Transmitting Typewriter

Supercon 2023: Alex Lynd Explores MCUs In Infosec

FLOSS Weekly Episode 780: Zoneminder — Better Call Randal

Slicing And Dicing The Bits: CPU Design The Old Fashioned Way

Hackaday Links: April 21, 2024

Search

Never miss a hack

Subscribe

If you missed it

Our Columns