• 30
  • Jun

HP just announced the release of a new Windows security tool named Scrawlr - “SQL Injector and Crawler”.


image by cogdogblog

Scrawlr will crawl up to 1500 pages on your web site to check for the possibility of SQL injection points. More info:

Technical details for Scrawlr

* Identify Verbose SQL Injection vulnerabilities in URL parameters
* Can be configured to use a Proxy to access the web site
* Will identify the type of SQL server in use
* Will extract table names (verbose only) to guarantee no false positives

Scrawlr does have some limitations versus our professional solutions and our fully functional SQL Injector tool

* Will only crawls up to 1500 pages
* Does not support sites requiring authentication
* Does not perform Blind SQL injection
* Cannot retrieve database contents
* Does not support JavaScript or flash parsing

Download Scrawlr from the HP site. [via hackademix.net]

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]
  • 12
  • Oct

SQL Injection
image via link

Yesterday, I came across a very interesting and ‘human’ readable article about SQL Injection. The article offers several examples and ways to prevent these attacks. Have a look and test your custom web application for SQL Injection attack.

http://www.unixwiz.net/techtips/sql-injection.html

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]