Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I recover an old website which is full of sql injection, I would need a tool if it exists, that crawl the whole site just by followings existing links on it, then try to put some sql injection contents into weak inputs.
I can check by myself but the site is rather big so I would prefer a crawler, to be sure i do not forget an entry…
thx
Ok after typing this post, I realize that I’m asking for an hacking tool, which is not the case of course :p, so any white hat techno available ?
You should fix your known problems before you look for automated tools.
You need to take the following steps:
mysql_real_escape_string()or similar if that is not practical.You should treat the above as a much higher priority than testing tools. Don’t even spend time looking for automated scanning tools until those are complete.
An automated SQL Injection tool is just not going to find all your problems, even those which are obvious to a competent attacker.
Until you have done both of the above, you will be wasting your time on automated tools.