Re: SQL injections and connections to a DB

From: Tibor Csonka (rawbite@gmail.com)
Date: Wed Jul 13 2005 - 02:56:42 EDT

• Next message: Moonen, Ralph: "RE: Pentest Letter of Achievement/Certificate"
• Previous message: John Kinsella: "Re: Pentest Letter of Achievement/Certificate"
• In reply to: Mike Tupker: "SQL injections and connections to a DB"
• Next in thread: Felipe Balbi: "Re: SQL injections and connections to a DB"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

You can use acunetix web vulnerability scanner (www.acunetix.com) ...

regards

----- Original Message -----
From: "Mike Tupker" <mtupker@gmail.com>
To: <pen-test@securityfocus.com>
Sent: Wednesday, July 13, 2005 12:40 AM
Subject: SQL injections and connections to a DB

We have a IIS web server setup on our DMZ with a connection to our DB
server which is running MS SQL server 7. Does anyone know of a program
that will check the code in a web page for vulnerabilities such as SQL
injections, overflows, or anything else that I might not be aware of?
Basically, I would like to know if there is any way for someone to use
the server on the DMZ to get to the DB server and cause damage.

Thanks in advance,

Mike Tupker

• Next message: Moonen, Ralph: "RE: Pentest Letter of Achievement/Certificate"
• Previous message: John Kinsella: "Re: Pentest Letter of Achievement/Certificate"
• In reply to: Mike Tupker: "SQL injections and connections to a DB"
• Next in thread: Felipe Balbi: "Re: SQL injections and connections to a DB"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:32 EDT