Quality Testing

Quality is delighting customers

How to use SQL Inject Me (Security Compass tool) in a web application front end

Dear All,

Please help me with how to use SQL Inject Me (Security Compass tool) in a web application front end.
Please send details or a demo and detailed steps.


Sandip Wagh

Tags: Security


Replies to This Discussion

Hi, this is a very good question; I am also looking for an answer on SQL injection. I think in a login page's text box, like the Username text box, you pass a SQL query -

Select * from table where fieldname = " ' "

If I am wrong or there is any new update, let me know.
Thanks
Hitesh shah
hiteshshah19@gmail.com

Hi Hitesh,

Yes, it is correct, but the above SQL query executes on the DB. A number of SQL injections apply in the DB.

or SELECT top 1 * FROM musers WHERE muser_empno = 'a' or 't'='t';


But I am using it in the front-end application.
Enter in the user-name & password fields (text box) = or 1=1--

--Sandip Wagh
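
An added example (not part of any post in this thread and not the tool's own code): the lookup from the post above built by string concatenation, beside a parameterized version, run against an in-memory SQLite test table with constructed rows. The function names and the `muser_name` column are assumptions; `check` applies the single-quote probe and the `'t'='t'` input from the thread so a tester can show whether a reported finding is real.

```python
import sqlite3

QUOTE = "'"                  # single-quote probe from the thread
TAUTOLOGY = "a' or 't'='t"   # input that yields the WHERE clause quoted above

def make_test_db():
    # Constructed rows in a throwaway in-memory database (never a live server).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE musers (muser_empno TEXT, muser_name TEXT)")
    db.executemany("INSERT INTO musers VALUES (?, ?)",
                   [("1001", "asha"), ("1002", "ravi")])
    return db

def find_concat(db, empno):
    # Vulnerable: the form value becomes part of the SQL text.
    # ("top 1" from the post is omitted because SQLite has no TOP keyword.)
    sql = "SELECT * FROM musers WHERE muser_empno = '" + empno + "'"
    return db.execute(sql).fetchall()

def find_param(db, empno):
    # Fixed: the value is bound as data and is never parsed as SQL.
    sql = "SELECT * FROM musers WHERE muser_empno = ?"
    return db.execute(sql, (empno,)).fetchall()

def check(lookup, db):
    """Return the evidence of injection for one lookup function."""
    findings = []
    try:
        lookup(db, QUOTE)
    except sqlite3.OperationalError:
        findings.append("quote breaks SQL syntax")
    try:
        # "a" matches no employee, so any extra rows come from the injected OR.
        if len(lookup(db, TAUTOLOGY)) > len(lookup(db, "a")):
            findings.append("tautology returns extra rows")
    except sqlite3.OperationalError:
        pass
    return findings

if __name__ == "__main__":
    db = make_test_db()
    print("concatenated: ", check(find_concat, db))
    print("parameterized:", check(find_param, db))
```

An empty list from `check` after the developers' change is the evidence that the fix holds for these two inputs.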

Hi,
I think you are right. Using it in a front-end application, I don't know -
how to pass a query in the user-name & password fields (text box)?
Please reply to me with any example.
Thanks

http://www.securiteam.com/securityreviews/5DP0N1P76E.html

The above link covers the basics of SQL injection.

And I am using that tool; it is very effective and all you have to do is:

Just select the form where you need to check for SQL injection and in the browser go to Tools -> SQL Inject Me -> Open SQL Inject Me Sidebar.

You will find the add-on coming up on the left side. Just click on "Test all forms with all attacks", which generally checks all the forms with the possible attack strings, and the result will open up in a separate tab where you can analyze for which SQL string it failed.

The rest I guess you will explore yourself; the tool is very cool for checking SQL injection in a web page.

BEWARE: Don't run it on a live server. It will submit the form each and every time and the data will get stored in the DB. Check your database once you complete a test. DON'T run it on a live server because you may not have the client server details. Best to do it on a TEST server and check your DB often.

Hope this helps; any doubts, ping me.

Regards
Ragav

Hi Friends,

Data validation should be strong, otherwise SQL injection is possible. If you go through OWASP, you will get a good idea.

Regards
Pyla

Hi Raghv,
Can you provide the security tool download URL?

Hi Vivek,

Security tools can be downloaded from:

1) http://www.parosproxy.com

2) http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project


Sandip Wagh

Hi Ragav,

I used that tool; it's really great and the result (SQL injection and XSS) is also very clear. One more thing: I got the result, but I want to know how to verify that this result is correct. The reason I ask this question is that the developers don't accept the result for SQL injection and XSS.

I would like to know how developers can fix those issues. Could you please give some tips and suggestions?

Thanks
Kumar

Hey, refer to the attached documents; they will help you a lot.
You can also refer to OWASP (Open Web Application Security Protocol) on Wikipedia; it will be of great help ... tc

Hi SADIA SHAUKAT,

Thanks for all the documents; very useful for security testing.


Sandip Wagh

Hello, please find the attachment...


"Quality does matter"

© 2014   Created by Quality Testing.