The Cache: Technology Expert's Forum
 
Author Topic: SQLi Scanner that works?  (Read 3261 times)
herbacious
« on: April 05, 2011, 03:37:46 AM »

Hi all

I have a client (in the day job) that has some unknown SQLi vulnerabilities.

I have access to the source code etc, but it's massive

Anyone recommend any tools (FOSS) that will help me to track down these vulnerabilities?

I know this is probably script kiddie territory so if you don't want to disclose in the open a PM would be appreciated
perkiset
« Reply #1 on: April 05, 2011, 06:54:11 PM »

Do you have access to all the input points? Is it centralized access / dispatch or distributed (i.e., is every page a standalone app?)

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
herbacious
« Reply #2 on: April 06, 2011, 12:04:11 PM »

It's a sprawling osCommerce-based, largely bespoke pile of code
perkiset
« Reply #3 on: April 07, 2011, 01:04:55 PM »

Ooog.

But most importantly, is a POST sent in through a single access point? If yes, you can build some traps in straight away ... But if POST input is distributed through the app you'll have much more trouble.

Are upstream-bound variables reliably named? I.e., strName or phone or somehow identifiable so that you could write a little check function? There are several very easy things to trap for ... Never let a single or double quote through, things like that. My favorite check/clean for numerics is simply $_POST['theVar'] = $_POST['theVar'] - 0;

Again, if access is through a single point then you can include source of your making with a function that checks POST stuff before anything has a chance to touch it.

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
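
The central POST check described in Reply #3, sketched as an added example (not code from the thread or from osCommerce). The nXxx / strXxx naming convention, the function name gate_post and the sample fields are assumptions made for illustration; the integer check rejects bad values instead of coercing them the way "- 0" does.

```php
<?php
// Added example: POST gate to include at the single access point, before any
// application code reads $_POST.
// Assumed (hypothetical) naming convention: nXxx = integer, strXxx = text.
function gate_post(array $post, array &$rejects): array
{
    $clean = [];
    foreach ($post as $name => $value) {
        if (!is_string($value)) {            // e.g. field[]=... arrives as an array
            $rejects[] = [$name, 'not a plain string'];
            continue;
        }
        if (preg_match('/^n[A-Z]/', $name)) {
            // Whole-string integer check: "12abc" is rejected, not turned into 12.
            $int = filter_var($value, FILTER_VALIDATE_INT);
            if ($int === false) {
                $rejects[] = [$name, 'not an integer'];
                continue;
            }
            $clean[$name] = $int;
        } elseif (preg_match('/^str[A-Z]/', $name)) {
            // The thread's rule: no single or double quote gets through.
            if (preg_match('/[\'"]/', $value)) {
                $rejects[] = [$name, 'quote character'];
                continue;
            }
            $clean[$name] = $value;
        } else {
            // Name outside the convention: drop it so it never reaches a query.
            $rejects[] = [$name, 'unknown field name'];
        }
    }
    return $clean;
}

// Constructed sample request body, standing in for $_POST.
$sample = [
    'nProductId' => '42',
    'nQty'       => '12abc',
    'strName'    => "O'Brien",   // legitimate value that the quote rule rejects
    'strCity'    => 'Leeds',
    'debug'      => '1',
];
$rejects = [];
$clean = gate_post($sample, $rejects);
foreach ($rejects as [$name, $why]) {
    error_log("POST gate rejected '$name': $why");  // the "trap": add the request URI here
}
var_dump($clean);
```

The reject log shows which pages accept which fields, which helps narrow a large code base down to the queries worth reviewing; the queries themselves still need parameter binding, since a gate like this only limits what reaches them.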