Jump to content

Sql Injection Testing


TheKingUnderTheHill
 Share

Recommended Posts

College Project for downloading a VM vulnerable to SQLi

http://www.cis.syr.edu/~wedu/seed/lab_env.html

PDF Instructions for VM setup: http://www.google.com/url?sa=t&rct=j&q=sql injection test virtual machine&source=web&cd=1&ved=0CEkQFjAA&url=http://www.cis.syr.edu/~wedu/seed/Labs/Attacks_SQL_Injection/SQL_Injection.pdf&ei=GIKgT5XsD8bfggeQtbn5DQ&usg=AFQjCNFuR0TSTqj9VB4cqPqUJFF8jPOBnw

edit:PDF Link http://bit.ly/KtGzF2

Edited by digip
Link to comment
Share on other sites

Thanks for the help, really appreciated!

Unfortunately the second link is invalid, cant believe I didnt think to use a VM before!

Try http://bit.ly/KtGzF2 for the PDF.

Link to comment
Share on other sites

Look at Iron Geeks site, he has a huge list of vulnerable software which includes vulnerable web apps to go for. Off the top of my head you can look at the Hackme range from Foundstone and Webgoat from OWASP. Also, my favourite, DVWA which you can get as a bootable image (perfect for a VM) which was written by a friend of mine and I've contributed little bits to.

Link to comment
Share on other sites

I don't mind questions, I start to object when people don't say thanks and don't put effort in to do some research before hand or don't feedback afterwards.

As long as you join in and don't expect to be spoon fed you'll get help

Link to comment
Share on other sites

  • 1 month later...

if your looking for tools i highly recomend...

sql ninja and sqlmap

No doubt, they are good tools, but I would recommend learning SQL injection manually before attempting the tools.

It helps you develop an understanding of how the tools work in general. I'd also recommend to buy the "Basics of Hacking and Penetration testing" book, to help you further.

Edited by Infiltrator
Link to comment
Share on other sites

  • 4 weeks later...

No doubt, they are good tools, but I would recommend learning SQL injection manually before attempting the tools.

It helps you develop an understanding of how the tools work in general. I'd also recommend to buy the "Basics of Hacking and Penetration testing" book, to help you further.

I fully agree with you but there are some SQL Injection techniques that are very hard to do manually because they either require a lot of work (blind SQLi) or are time based attacks, here a good tool is the only solution ...

Also when testing my own application I will always run any tool I can find (mostly just using default options) against it to make sure the script kiddies cannot get in easily ...

Link to comment
Share on other sites

You want to get "The Web Application Hackers handbook vol1 and 2"

You can get them in PDF off the net if you cant hit me up I will upload them to my site for download

I've been wondering, is the vol1 the predecessor of vol 2? And is it worthwhile to read both, I'm currently using the vol 2 to help me prepare for the SANS542 exam ...

Sorry for this of topic reaction ;-)

Link to comment
Share on other sites

  • 2 weeks later...

Here is an excelent tutorial for SQL injection that can be found on the Backtrack 5 forums. The author has a video on the manual and automated methods as well as full descriptions of each and copies of the code. Excelent learning reference.

http://www.backtrack...ead.php?t=47186

Edited by Saelani
Link to comment
Share on other sites

The guys at the hackforums.net has great SQL Injection tutorials, you might want to check them as well.

Edited by Infiltrator
Link to comment
Share on other sites

  • 4 weeks later...

Check out GameOver ;)

To practice:

  • XSS
  • CSRF
  • RFI & LFI
  • BruteForce Authentication
  • Directory/Path traversal
  • Command execution
  • SQL injection

Contains:

  • DVWA (Damn Vulnerable Web Application)
  • OWASP WebGoat
  • Ghost
  • Mutillidae
  • Zap-Wave
  • OWASP Hacademic Challenges
  • OWASP Vicnum
  • WackoPicko
  • OWASP Insecure Web App
  • BodgeIT
  • PuzzleMail
  • WAVSEP

Run it in you favorite VM software as Live CD

Link to comment
Share on other sites

  • 1 month later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...