Scanning for SQL Injection Vulnerabilities
Vulnerabilities in Web database applications can provide the means to steal large quantities of proprietary and confidential information. A common class of these vulnerabilities is SQL injection. Detecting the full range of SQL injection vulnerabilities is not trivial, but fortunately one of the Open Web Application Security Project (OWASP) initiatives addresses the problem. Known as SQLiX, this SQL scanner is “able to crawl, detect SQL injection vectors, identify the back-end database and grab function call/UDF results (even execute system commands for MS-SQL).”
According to the project documentation,
SQLiX uses multiple techniques to determine if the current server-side script is vulnerable to SQL Injection, conditional errors injection, blind injection based on integers, strings or statements, [and] MS-SQL verbose error messages ("taggy" method)
SQLiX uses UDF (user defined functions) or function calls, so there is no need to reverse engineer the original SQL syntax
SQLiX is able to identify the database version and gather sensitive information for the following SQL servers: MS-Access, MS-SQL, MySQL, Oracle and PostgreSQL.
The comparison module of SQLiX is able to deal with complex HTML contents even when they include dynamic ads
SQLiX contains an exploit module to demonstrate how a hacker could exploit the found SQL injection to gather sensitive information.
The program is written in Perl, so running it from a command line, piping its output, and scanning the results is straightforward to script. Examples of the program's output can be found at the project site.
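To make concrete what "blind injection based on integers" and the response comparison module amount to, here is an added example (not SQLiX's code, and not from the project): a constructed SQLite-backed page in its vulnerable and parameterized forms, a comparison step that strips a constructed dynamic ad slot, and an integer-based true/false differential check that flags only the vulnerable form. Table name, ad markup and the `products` rows are all constructed for the example.

```python
import random
import re
import sqlite3

# Constructed in-memory catalogue standing in for the web application's back end.
CONN = sqlite3.connect(":memory:")
CONN.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
CONN.executemany("INSERT INTO products VALUES (?, ?)",
                 [(1, "widget"), (2, "gadget"), (3, "sprocket")])

def render(rows):
    """Constructed page body with a 'dynamic ad' slot that differs on every request."""
    items = "".join(f"<li>{name}</li>" for (name,) in rows)
    return f"<html><div class=ad>{random.random()}</div><ul>{items}</ul></html>"

def vulnerable_page(item_id):
    """Server-side script that splices the untrusted id straight into the SQL text."""
    rows = CONN.execute(f"SELECT name FROM products WHERE id = {item_id}").fetchall()
    return render(rows)

def hardened_page(item_id):
    """Same script with input validation and a bound parameter (the fix)."""
    try:
        n = int(item_id)
    except ValueError:
        return render([])          # anything but an integer never reaches SQL
    rows = CONN.execute("SELECT name FROM products WHERE id = ?", (n,)).fetchall()
    return render(rows)

AD_SLOT = re.compile(r"<div class=ad>.*?</div>")

def stable(html):
    """Comparison step: strip the dynamic ad so two renderings of the same rows match."""
    return AD_SLOT.sub("", html)

def integer_blind_check(page, item_id="1"):
    """Integer-based blind check: appending a true and a false condition to a numeric
    id changes the page only if the id is being parsed as SQL."""
    base = stable(page(item_id))
    with_true = stable(page(f"{item_id} AND 1=1"))
    with_false = stable(page(f"{item_id} AND 1=2"))
    return base == with_true and base != with_false

if __name__ == "__main__":
    print("vulnerable_page flagged:", integer_blind_check(vulnerable_page))  # True
    print("hardened_page flagged:  ", integer_blind_check(hardened_page))    # False
```

Without the `stable` step the ad slot would make every pair of responses differ, which is the problem the page's comparison module is described as solving.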