Automatically Finding SQL Injections

Learn how to automate the process of discovering possible SQL injections in a web application.

Overview

We’ve already discussed how to manually find areas that are susceptible to SQL injection, and how to probe those areas further and then exploit them. Sometimes, though, we just don’t have the time to go through every possible area of a web application by hand and try out everything that comes to mind. This is where a pentester should adopt a systematic approach, and where automated tools enter the stage. Some of the common tools are:

  • sqlmap
  • jSQL Injection
  • DSSS
  • Metasploit (ships with a number of scanners)
  • Nmap (queries a list of database vulnerabilities against
...