Penetration Testing mailing list archives
RE: Help to Automate XSS and SQL
From: "Denny Roger" <Denny.Roger () sonangolpp com>
Date: Wed, 17 Dec 2008 15:37:08 +0100
Vinox,

On October 9, Raviv Raz published a proof of concept tool about tests for SQL Injection via URL parameters. Raviv Raz rebuilt Injector. The new name is MultiInjector. Here's an update about Injector.

http://chaptersinwebsecurity.blogspot.com/2008/11/multiinjector-v03-released.html

Sincerely,
Denny Roger
Senior Network Engineer in Information Security (DIT/DRC)
Senior Network Security Engineer
Telephone: (+244) 226 650 188
Mobile: (+244) 921 644 833
E-mail: denny.roger () sonangolpp com
Rua Dack Doy nº 2 - Edificio Carmelitas - Bairro Azul
Luanda

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Vin Oxious
Sent: Tuesday, December 16, 2008 6:09 AM
To: pen-test () securityfocus com
Subject: Help to Automate XSS and SQL

Hello Friends,

Greetings of the day!!

Recently I carried out a manual test for XSS and SQL. I have tried quite a lot of the variants, but later on it was detected that it has XSS and SQL vulnerabilities.

Since there are so many variants of XSS and SQL, all of them cannot be tried in a limited time span. What should I do to make sure that the site doesn't have XSS and SQL? Should I try every SQL and XSS string and use an automated brute force attack? If yes, can anyone suggest some good tools that I can run from Windows or a browser (similar to Tamper Data, Greasemonkey or any other Windows tools)?

Note: please don't suggest Perl scripts or Linux related scripts, even though I would love to work on them :( Coz this is a Windows environment.

Thanks in advance for sharing your experiences :)

regards,
Vinox
Current thread:
- Help to Automate XSS and SQL Vin Oxious (Dec 16)
- Re: Help to Automate XSS and SQL Zack Payton (Dec 18)
- Re: Help to Automate XSS and SQL Jerome Athias (Dec 18)
- <Possible follow-ups>
- RE: Help to Automate XSS and SQL Denny Roger (Dec 18)