Security Basics mailing list archives

BlackBox testing for SQL injection

From: mickael kael <mickael.kael () gmail com>
Date: Tue, 28 Jun 2005 12:07:51 +0200

Hello,

I want to know if it is possible to find real SQL injection with blackbox tool.
For example, parosproxy print some alerts of SQL injection params. 
"GET http://192.168.1.4/test/html/modules.php?name=Your_Account&op=userinfo&bypass=1&uname=user'INJECTED_PARAM
HTTP/1.1
"
But how can we test it if we don't know table structure and source code ? 

Thanks in advance for your idea,

Best Cordially,

Mk,

Current thread:

BlackBox testing for SQL injection mickael kael (Jun 28)
- RE: BlackBox testing for SQL injection Miguel Dilaj (Jun 29)