본문 바로가기

데이터베이스

Online Tools :: SQL Injection Vulnerability Test

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. Mostly user input is not filtered by the script, is then passed into a SQL statement. SQL injection test tool was created for beginner webmasters. The tool will perform simple test to check whether a webpage is vulnerable to SQL injection. It cannot determine vulnerability for sure, but will at least try. Parameters
The tool expects an URL with parameters, like this:
http://www.example.com/articles/article.php?id=123&topic=injection It will not work if URL does not contain parameters. For example tool will not be able to check following URL:
http://www.example.com/articles/article.php How SQL Injection Test works
Script does parse URL provided, and modifies parameters to simulate simple SQL injection (adds double and single quotes). If resulting page contains error message generated by database management system (like MySQL, MSSQL, etc.) then script is most likely vulnerable to SQL injection. In this case SQL Injection Test tool will produce a warning.


   http://www.zubrag.com/tools/sql-injection-test.php

'데이터베이스' 카테고리의 다른 글

ASM(Automatic Storage Management)  (0) 2010.04.29
HWM(High Water Mark)  (0) 2010.04.29
Undo 와 Redo 의 차이점  (1) 2010.04.29