Penetration Testing mailing list archives
SQL database enumerator
From: mel <meling () scan-associates net>
Date: Fri, 19 Apr 2002 18:28:53 +0800
Hi, Attached is a simple Perl code that enumerates any field, column or table from a SQL server. It works via GET request, but a simple modification for POST should be trivial. The only prerequisite is that you must provide the vulnerable app (its URL) and an initial query. Is anyone aware of any SQL injection scanner? I am planning to write one (only if I have the time :), I'm actually an IDS jockey), but would like to know wether an existing tool exist (free tools of course). Cheers, --mel Security Consultant, Intrusion Detection System SCAN Associates Sdn. Bhd.
Attachment:
sql_enum.pl
Description:
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- SQL database enumerator mel (Apr 19)