Quality Testing

Quality is delighting customers

How to use SQL Inject Me (Security Compass tool) in a web application front end

Dear All,

Please help me with how to use SQL Inject Me (Security Compass tool) in a web application front end.
Please send details or a demo and detailed steps.

Sandip Wagh


Replies to This Discussion

Hi, this is a very good question; I am also looking for an answer on SQL injection. I think in the login page's text boxes, like the Username text box, you pass a SQL query -

Select * from table where fieldname = " ' "

If I am wrong or there is any new update, let me know.
Hitesh shah

Hi Hitesh,

Yes, it is correct, but the above SQL query executes on the DB. A number of SQL injections apply in the DB.

or SELECT top 1 * FROM musers WHERE muser_empno = 'a' or 't'='t';

But I am using it in a front-end application.
Enter in the user-name & password fields (text box) = or 1=1--

--Sandip Wagh

I think you are right; for using it in a front-end application, I don't know -
how to pass a query in the user-name & password fields (text box)?
Please reply to me with any example.

The above link is the basics for SQL injection.

And I am using that tool; it is very effective, and all you have to do is:

Just select the form where you need to check for SQL injection, and in the browser go to Tools -> sqlinject me -> open SQL inject me Slide bar.

You will find the add-on appearing on the left side. Just click on "Test all forms with all attacks", which generally checks all the forms with the possible attack strings, and the result will open up in a separate tab where you can analyze the result to see for which SQL string it failed.

The rest I guess you will explore yourself; the tool is very cool for checking SQL injection in a web page.

BEWARE: don't run it on a live server. It will submit the form each and every time and the data will get stored in the DB. Check your database once you complete a test. DON'T run it on a live server, because you may not have the client server details. Best to do it on a TEST server and check your DB often.

Hope this helps; any doubt, ping me.

Hi Friends,

Data validation should be strong, otherwise SQL injection is possible. If you go through OWASP, you will get a good idea.

Hi Raghv,
Can you provide the security tool download URL?

Hi Vivek,

Security tools can be downloaded from:

1) http://www.parosproxy.com

2) http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project

Sandip Wagh

Hi ragav,

I used that tool; it's really great, and the results (SQL injection and XSS) are also very clear. One more thing: I got the result, but I want to know how to verify that this result is correct. The reason I ask this question is that the developers don't accept the results for SQL injection and XSS.

I would like to know how developers can fix those issues. Could you please give some tips and suggestions?

Hey, refer to the attached documents; they will help you a lot.
You can also refer to OWASP (Open Web Application Security Protocol) on Wikipedia; it will be of great help ... tc

Thanks for all the documents; very useful for security testing.

Sandip Wagh

Hello, Please find the attachment...

"Quality does matter"

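Added example, not part of any post in this thread: on a test database, one way to confirm a reported SQL injection finding and show developers the fix is to run the strings quoted above through a string-concatenated login query and through a parameterized one. The table `musers` and column `muser_empno` come from the thread; the `muser_pwd` column, the sample rows and the use of SQLite (with `LIMIT 1` in place of `top 1`) are assumptions.

```python
import sqlite3

# (user-name, password) inputs built from the strings quoted in the thread.
PROBES = [("'", "x"),
          ("a' or 't'='t", "a' or 't'='t"),
          ("' or 1=1--", "x")]

def make_db():
    """In-memory stand-in for a TEST database (rows are constructed)."""
    db = sqlite3.connect(":memory:")
    # muser_pwd is an assumed column; the thread only names muser_empno.
    db.execute("CREATE TABLE musers (muser_empno TEXT, muser_pwd TEXT)")
    db.executemany("INSERT INTO musers VALUES (?, ?)",
                   [("1001", "s3cret"), ("1002", "hunter2")])
    return db

def login_concat(db, empno, pwd):
    """Flagged pattern: form input is concatenated into the SQL text."""
    sql = ("SELECT * FROM musers WHERE muser_empno = '" + empno +
           "' AND muser_pwd = '" + pwd + "' LIMIT 1")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return "sql-error"  # input broke the statement: also a finding

def login_param(db, empno, pwd):
    """Fix: placeholders bind input as data, so it is never parsed as SQL."""
    sql = ("SELECT * FROM musers WHERE muser_empno = ? "
           "AND muser_pwd = ? LIMIT 1")
    return db.execute(sql, (empno, pwd)).fetchone() is not None

def compare(db):
    """Run every probe through both versions, keyed by the user-name input."""
    return {empno: (login_concat(db, empno, pwd), login_param(db, empno, pwd))
            for empno, pwd in PROBES}

if __name__ == "__main__":
    for probe, (before, after) in compare(make_db()).items():
        print(f"{probe!r:18} concatenated={before!r:12} parameterized={after}")
```

A login that succeeds, or a database error, on input that contains no valid credentials is the evidence that the finding is real; the same input returning a plain failed login after the change shows the fix works.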
