Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: SQL database enumerator

SQL database enumerator

From: mel <meling_at_scan-associates.net>
Date: Fri, 19 Apr 2002 18:28:53 +0800

Hi,

Attached is a simple Perl code that enumerates any field, column or
table from a SQL server. It works via GET request, but a simple
modification for POST should be trivial. The only prerequisite is
that you must provide the vulnerable app (its URL) and an initial
query.

Is anyone aware of any SQL injection scanner? I am planning to write
one (only if I have the time :), I'm actually an IDS jockey), but
would like to know wether an existing tool exist (free tools of course).

Cheers,

--mel
Security Consultant, Intrusion Detection System
SCAN Associates Sdn. Bhd.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Received on Apr 20 2002
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]