
Scrawlr - Finds SQL Injection Vulnerabilities

 

snoj
post 27 Jun, 2008 - 06:46 AM
Post #1




It's a pretty neat tool. So far I've used it on a couple of my projects and it hasn't found any injection points!

The best part is, there should be no 1500 page limit!

https://download.spidynamics.com/Products/scrawlr/

[Admin Edit: Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities.]


skyhawk133
post 27 Jun, 2008 - 06:52 AM
Post #2




I'm actually working on a presentation on XSS and SQL Injection and came across Scrawlr and ran it on a bunch of sites. Didn't find any vulnerabilities though. Kind of disappointing actually. I wanted to see it work.

I crawled 36,000 pages on DIC... so yeah, the 1,500 limit is non-existent.

joeyadms
post 27 Jun, 2008 - 07:18 AM
Post #3




There's a couple of really great tools out there.

I used to be primarily a security auditor, and have used BeEF a lot.

Exploit-Me is also a neat Firefox plugin for SQL/XSS tests.

PsychoCoder
post 27 Jun, 2008 - 07:24 AM
Post #4




Thank you guys so much for this tool. I crawled the web application that I am currently rewriting (the beta version that is up is in classic ASP, we're rewriting it in ASP.NET w/C#) and it found some issues. I've been telling the owner that the current architecture is a SQL Injection waiting to happen and no one would listen, now I have the proof. Thanks!

PS: Those who know what the site is please don't be messing around lol, I'm trying to fix it lol

ZachR
post 27 Jun, 2008 - 04:31 PM
Post #5




This is a great tool, thanks for the post. There are a few drawbacks though, but it's great for finding basic vulnerabilities that could one day bring your site down. :P