From: mel (meling@scan-associates.net)
Date: Fri Apr 19 2002 - 06:28:53 EDT
Hi,
Attached is a simple Perl code that enumerates any field, column or
table from a SQL server. It works via GET request, but a simple
modification for POST should be trivial. The only prerequisite is
that you must provide the vulnerable app (its URL) and an initial
query.
Is anyone aware of any SQL injection scanner? I am planning to write
one (only if I have the time :), I'm actually an IDS jockey), but
would like to know wether an existing tool exist (free tools of course).
Cheers,
--mel
Security Consultant, Intrusion Detection System
SCAN Associates Sdn. Bhd.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:20 EDT