Home page logo
/

basics logo Security Basics mailing list archives

BlackBox testing for SQL injection
From: mickael kael <mickael.kael () gmail com>
Date: Tue, 28 Jun 2005 12:07:51 +0200

Hello,

I want to know if it is possible to find real SQL injection with blackbox tool.
For example, parosproxy print some alerts of SQL injection params. 
"GET http://192.168.1.4/test/html/modules.php?name=Your_Account&op=userinfo&bypass=1&uname=user'INJECTED_PARAM
HTTP/1.1
"
But how can we test it if we don't know table structure and source code ? 

Thanks in advance for your idea,

Best Cordially,

Mk,


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]