[Nikto-discuss] SQL Injection with Nikto

Jabra jabra at spl0it.org
Sat Jun 21 05:14:35 UTC 2008


On 20.Jun.2008 11:59PM -0400, Sullo wrote:
> Curtis LaMasters wrote:
> > I've been trying to figure out how to scan a website for the ability 
> > to SQL inject (it's a website that I run, yes...). Unfortunately I have 
> > not been able to get a desirable result.  I was hoping you all could 
> > point me in the right direction.
> 
> Check out Paros and WebScarab--you may have luck with them. Nikto isn't 
> built to crawl a site and look for something like unknown/undisclosed 
> SQLi in applications, but both of them are (and are also free).
> 
> http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
> http://www.parosproxy.org/index.shtml

Curtis,


There are two additional tools that I can recommend.

One is burpsuite.

http://portswigger.net/suite/

It is another web-based proxy that does really awesome stuff. Check the
web app security book for more details.
http://www.amazon.com/gp/product/0470170778?ie=UTF8&tag=portswinet-20&link_code=as3&camp=211189&creative=373489&creativeASIN=0470170778

The second is sqlninja.

http://sqlninja.sourceforge.net/

All of these tools are included in Backtrack 3, which is
a security LiveCD that allows you to boot a CD-ROM containing
a Linux system along with all the security tools you need.

http://remote-exploit.org/backtrack.html


Regards,
Jabra

> 
> Regards
> Sullo
> 
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss

-- 
Jabra < jabra at spl0it.org >
http://www.spl0it.org