SQLiX, coded in Perl, is a SQL Injection scanner, able to crawl, detect SQL injection vectors, identify the back-end database and grab function call/UDF results (even execute system commands for MS-SQL). The concepts in use are different than the one used in other SQL injection scanners. SQLiX is able to find normal and blind SQL injection vectors and doesn’t need to reverse engineer the original SQL request (using only function calls).
SQLiX is a SQL Injection scanner which attempts to fill the gap between what commercial software available on the market can do and what can really be done to detect and identify SQL injection.
Current injection methods used by commercial web assessment software are based on error generation or statement injections.
Error Generation
The error generation method is quite simple and is based on meta characters like single quotes or double quotes. By injecting these characters in the original SQL request, you generate a syntax error which could result in an SQL error message displayed in the HTTP reply. The main issue with this technique is the fact that it’s only based on pattern matching. There is no way to handle multiple languages or complex behaviors when the error message is filtered by the server-side scripts.
Statement Injection
The second method used is statement injection. Let’s look at an example:
The target URL
http://target.example.com/news.php?id=25.http://target.example.com/news.php?id=25%20or%201=1
http://target.example.com/news.php?id=25%20or%201=0 Another global issue concerning SQL injection is the fact that pen testers frequently conclude that a given SQL injection vulnerability can’t be exploited. By concluding this incorrect statement they are inviting their customers to not patch the vulnerability.
You can download here:
OWASP SQLiX v1.0
Documentation and examples are here:
OWASP SQLiX Project
0 comments:
Post a Comment