Re: Scanning for SQL Injection
- From: "rajat swarup" <rajats@xxxxxxxxx>
- Date: Thu, 28 Jun 2007 21:27:02 -0400
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Ron Johnson - Adhost
Sent: Thursday, June 28, 2007 11:07 PM
To: pen-test@xxxxxxxxxxxxxxxxx
Cc: listbounce@xxxxxxxxxxxxxxxxx
Subject: Scanning for SQL Injection
Hi. I need to scan about 350+ sites from three different web servers that
all connect to one MS SQL server for SQL injection. Any ideas on how to make
this not take a long, long time?
I like the Priamos tool but you can only scan one site at a time, and you
can't load a list of any sort, etc.
Any input is appreciated.

Hi,
Paros spider + scanner should be able to do stuff without much
intervention. However, Paros will need a starting seed URL list. I'd
suggest writing up a script in curl that loops through all the sites
using Paros as a local proxy. This would give the seeds to Paros.
Once that is done, spider all URLs and then scan them.
HTH,
Rajat Swarup.
http://rajatswarup.blogspot.com/
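
The seeding loop suggested in the reply above, as an added example that is not part of the original post. The list file name, the function names and the proxy address `127.0.0.1:8080` are assumptions; set `PROXY` to wherever the local Paros listener actually runs.

```shell
#!/bin/sh
# Added example: seed an intercepting proxy's site tree from a list of sites.
# Assumed: a list file with one host or URL per line, and the proxy address.
PROXY="${PROXY:-http://127.0.0.1:8080}"   # assumed local Paros listener

# Turn one list line into a seed URL; print nothing for blanks and comments.
normalize_site() {
    line=$(printf '%s' "$1" | tr -d '\r' |
        sed 's/#.*$//; s/^[[:space:]]*//; s/[[:space:]]*$//')
    [ -n "$line" ] || return 0
    case "$line" in
        http://*|https://*) url=$line ;;
        *) url="http://$line" ;;
    esac
    # Add a root path when none is given so every seed is a full URL.
    case "${url#*://}" in
        */*) printf '%s\n' "$url" ;;
        *)   printf '%s/\n' "$url" ;;
    esac
}

# Read the list and emit unique seed URLs in their original order.
build_seeds() {
    while IFS= read -r entry || [ -n "$entry" ]; do
        normalize_site "$entry"
    done < "$1" | awk '!seen[$0]++'
}

# Fetch each seed through the proxy. The body is discarded: the only goal is
# for the proxy to record the URL. -k is needed because an intercepting proxy
# presents its own certificate for HTTPS sites.
seed_proxy() {
    build_seeds "$1" | while IFS= read -r url; do
        code=$(curl -s -k -o /dev/null -w '%{http_code}' \
            --proxy "$PROXY" --max-time 15 "$url") || code="ERR"
        printf '%s %s\n' "$code" "$url"
    done
}

# Run only when a list file is given, e.g.: sh seed.sh sites.txt
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    seed_proxy "$1"
fi
```

Lines printed with `ERR` mark sites that did not answer through the proxy within the timeout, so they can be checked before the spider run.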