Waraxe IT Security Portal
Login or Register
November 22, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 60
Members: 0
Total: 60
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Sql injection -> PHP Sql Injection Scanner Plan Goto page 1, 2, 3Next
Post new topicReply to topic View previous topic :: View next topic
PHP Sql Injection Scanner Plan
PostPosted: Wed Apr 06, 2005 1:13 pm Reply with quote
murdock
Advanced user
Advanced user
Joined: Mar 16, 2005
Posts: 54




I'm planning to make a PHP SQL injection scanner.
First, It will simply search recursivly all the php pages linked in a specified host, then It will catch all the variables that uses every php page, and finally, it will test SQL Injections in all variables of all php pages found examining the response page to check if it worked.

I don't know what language to use. I need a nice gui because I want to make nice listing of the php and variables found. Maybe should I use VisualBasic? (yes, I know it sucks, but is so simple making a dumb program with a nice gui!), Delphi? (the same advantatges but less lame), a portable language?

What you think guys? Nice idea? Lame idea? Already made? Thanks.
Any help in project will be wellcome! Very Happy

Salut!
View user's profile Send private message
PostPosted: Wed Apr 06, 2005 1:18 pm Reply with quote
murdock
Advanced user
Advanced user
Joined: Mar 16, 2005
Posts: 54




Ooops! I think that the PhpBB subforum is not the place for my topic, can be moved?

Sorry!
View user's profile Send private message
PostPosted: Wed Apr 06, 2005 2:23 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Your idea is great by my opinion. There are some sql injection automation tools allready developed in wild world, some of them as freeware and some as component from the high priced pentest package. But this field is not yet fully covered, so go on and give a try Smile
By the way, i am currently developing a tool, called SqlAxe - it is not a scanner, but exploiter. I mean, it will suppose, that pentester have allready found sql injection case and now wants to get maximum information from that security hole. So SqlAxe will try to enumerate databases/tables/fields, in case of M$Sql it will try to get access to shell etc ...
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Wed Apr 06, 2005 3:11 pm Reply with quote
y3dips
Valuable expert
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia




have you read a paper from blackhat conference at USa in 2004

there is one speaker "cameron hotchkies" form 0x90.org presented a paper with title " bvlind Sql injection automation techniques" also included the tools

maybe u could refer to that

_________________
IO::y3dips->new(http://clog.ammar.web.id);
View user's profile Send private message Visit poster's website Yahoo Messenger
PostPosted: Wed Apr 06, 2005 3:16 pm Reply with quote
y3dips
Valuable expert
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia




sorry i forgot,
for doing some scanning to the whole of sites, i think u can see httrack (httrack.com) script (coz im learning it too for my project)

*fyi : httrack is a web mirroring program Smile

maybe it is usefull for u too
if your project work perfect, maybe i can request some help from u , to combine with my "wxf" project. Wink

_________________
IO::y3dips->new(http://clog.ammar.web.id);
View user's profile Send private message Visit poster's website Yahoo Messenger
PostPosted: Wed Apr 06, 2005 3:40 pm Reply with quote
LINUX
Moderator
Moderator
Joined: May 24, 2004
Posts: 404
Location: Caiman




exellent project, exist one scanner developed by TCPTEAM is very good

this scanner is fast but need more options



good idea murdock Wink
View user's profile Send private message Visit poster's website
PostPosted: Wed Apr 06, 2005 5:40 pm Reply with quote
murdock
Advanced user
Advanced user
Joined: Mar 16, 2005
Posts: 54




Ok!
I'm already working in it.
I finally use VisualBasic because a saw an ActiveX Control called "msinet.ocx" that is very simple to implement for grabbing the source code of a specific server, and good news: has PROXY SUPPORT! Very Happy
So a big lazy part is already made!
I explain how it works, alert me if there's an error on the "planning" (the way it works) please!:

It's a recursive algorithm that:
The first "current page" is the one who the user entered in the input box as target:

1- Grabs the html code of the "current" page.
2- Parses the code to extract all local links (php pages, html, etc..like a "Web Spider/Crawler" ), saves all the links in a list (both php and html, to check recursivly for more links). If the link points to a php page (with variables or not) it will save in a "special list" the page with his variables.
3-Loads the next page in the links list to check it recursivly.

After the algorithm finishes, we have a list with all php pages and his variables detected.
Now it's time to "check" all the php pages and all the variables of each one.

Sample:
If we detected the page:
"/info.php?name=Me&age=20&op=all"
It will try:
"/info.php?name=[SQL Injection]&age=20&op=all"
"/info.php?name=Me&age=[SQL Injection]&op=all"
"/info.php?name=Me&age=20&op=[SQL Injection]"

We "analyze" the returned code to view if the injection had worked.

What do you think guys?
Just a question: What I can use as "[SQL Injection]"? Any recommendation?

Thanks!
View user's profile Send private message
PostPosted: Wed Apr 06, 2005 8:05 pm Reply with quote
devn00b
Regular user
Regular user
Joined: Feb 20, 2005
Posts: 22




for mysql db's i find that a simple "show databases;" is a good query to run
View user's profile Send private message
PostPosted: Wed Apr 06, 2005 9:40 pm Reply with quote
murdock
Advanced user
Advanced user
Joined: Mar 16, 2005
Posts: 54




Hi to all and thanks for the replys/information!
I searched more about the 0x90.org group and I found an interesting tool named "Absinthe" which look nice but is not exactly a scanner and I didn't found the tools that appears at the published papers.
If anyone founds a tool similar at the one I want to make alert me!

Y3dips: Sure!, it will be nice to combine it with your tool! Very Happy
Waraxe: Maybe combine it with SqlAxe tool also? Wink
LINUX: Are you talking about rpvs? I tried it, seems good, but I scanned some sites without success Sad

Thanks to everybody for the support!
I'm very happy to be part of that forum with so nice people! Smile

P.D. Sorry for my baaaaad english!!!

Murdock
View user's profile Send private message
PostPosted: Wed Apr 06, 2005 9:49 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




devn00b wrote:
for mysql db's i find that a simple "show databases;" is a good query to run


In case of mysql/php i can't see possibility to use "SHOW" query in sql injection exploit. Correct me please, if i am wrong...

You can use UNION and JOIN tricks, and of course subqueries, but subqueries are possible only in mysql version >= 4.1.x and they are not equally powefull compared to mssql for example...
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Thu Apr 07, 2005 12:43 am Reply with quote
y3dips
Valuable expert
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia




Murdock:

http://blackhat.com/presentations/bh-usa-04/bh-us-04-hotchkies/bh-us-04-hotchkies-tools-refs.zip

there the zip file, the program was written for windows and linux also some reference, n i think iot was very interesting to research

btw, it is a tool to automated the injection, maybe u can use it in injection phase Smile

for scanning, i suggect u to use crawler method , for exampe httrack Smile

_________________
IO::y3dips->new(http://clog.ammar.web.id);
View user's profile Send private message Visit poster's website Yahoo Messenger
PostPosted: Fri Apr 08, 2005 12:30 pm Reply with quote
murdock
Advanced user
Advanced user
Joined: Mar 16, 2005
Posts: 54




Httrack....very very nice tool Very Happy

Thanks y3dips!!!
View user's profile Send private message
PostPosted: Fri Apr 08, 2005 12:42 pm Reply with quote
shai-tan
Valuable expert
Valuable expert
Joined: Feb 22, 2005
Posts: 477




Yes very good idea.
I'll take a look when it's finished.

Very busy...... drinking, smoking, exploiting, programming, eating, being lazy, and Wink

_________________
Shai-tan

?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
View user's profile Send private message
PostPosted: Fri Apr 08, 2005 12:48 pm Reply with quote
shai-tan
Valuable expert
Valuable expert
Joined: Feb 22, 2005
Posts: 477




And whats even funnier is in my country it doesnt matter that Im 17

_________________
Shai-tan

?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
View user's profile Send private message
PostPosted: Fri Apr 08, 2005 2:31 pm Reply with quote
murdock
Advanced user
Advanced user
Joined: Mar 16, 2005
Posts: 54




In New Zealand? Neutral
View user's profile Send private message
PHP Sql Injection Scanner Plan
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 3
Goto page 1, 2, 3Next
Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.037 Seconds