Geek Answers Handbook

How to find vulnerabilities in sql injection?

Is there a way to find SQL injection vulnerabilities?

Note. I ask how to find them on the server on which you control so that you can fix them. I do not ask how to find them on another server in order to use them.

Is there a way to find every mysql_query() event without opening each page and doing ctrl+f ?

+6
security php sql-injection
source share
5 answers

Using linux, you can use the grep utility.

 find /dir/containing/files -type f -name '*.php'|xargs grep --color=auto "mysql_query"
  • /dir/containing/files : The directory containing your PHP files, e.g. /home/user/domains/example.com/public_html
  • -type f : search only files (not directories)
  • -name '*.php' matches files ending in .php only. If you also like other files, such as .inc , use this instead: -name '*.php' -o -name '*.inc' (matches * .php OR * .inc)
  • |xargs grep use the contents of the found files to search
  • --color=auto highlights the found part
  • "mysql_query" search terms
+10
source share

No, there is no easy way. And if there is, it is NOT flawless.

As the saying goes, you should look into this question / answer and apply them.

To search for mysql_query() , you can use the search function of a text editor in files. I use Notepad ++ , and it has search-in-files , which can search for any string like mysql_query in a directory and a subdirectory with a specific extension (.php in your case).

A screenshot tutorial for Notepad ++ is here .

+6
source share

There is an open source project created in python called w3af which, among other things, is used to find problems with SQL injections.

Download it from the page, and then when you run it, select the fast_scan profile, and enter the URL on the target (it could be something like http: // localhost: 8080 if you work locally) and run the application.

If he can find any problem with SQL injection, she will let you know.

This step can be performed after checking all of your mysql_query calls to verify that everything is working fine.

+2
source share

By far, the best way to find SQL Injection Vulnerablites is to use Fuzzer, such as Acunetix ($) NTOSpider ($$ $), Wapitit (open source, very good), W3AF (open source, not very good).

Make sure dispaly_errors = On These tools detect SQL injection by inserting bad data such as '" and see if an error is displayed. They also detect SQL injection by entering queries that take a lot of time, such as ' sleep(30)-- to find out if the query is taking more than 30 seconds.

0
source share

If you want to find the Red Gate command excellent SQL Search , try (its free!), But it is only for SQL Server.

-one
source share

More articles:


All Articles