SQL injection is a technique that exploits a security vulnerability
occurring in the database layer of an application. Most often, user input
is not filtered by the script and is then passed into an SQL statement.

The SQL injection test tool was created for beginner webmasters. The
tool performs a simple test to check whether a webpage is vulnerable
to SQL injection. It cannot determine vulnerability for sure, but will
at least try.

Parameters

The tool expects a URL with parameters, like this:

http://www.example.com/articles/article.php?id=123&topic=injection

It will not work if the URL does not contain parameters. For example, the tool will not be able to check the following URL:

http://www.example.com/articles/article.php

How SQL Injection Test works

The script parses the URL provided and modifies its parameters to simulate a simple SQL injection (it adds double and single quotes). If the resulting page contains an error message generated by the database management system (like MySQL, MSSQL, etc.), then the script is most likely vulnerable to SQL injection. In this case the SQL Injection Test tool will produce a warning.

http://www.zubrag.com/tools/sql-injection-test.php
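
The check described above, reproduced offline as an added example (not the tool's own code): it appends a single or double quote to each parameter and looks for a database error in the response. The two page functions, the SQLite table and the error-signature list are constructed stand-ins for article.php and its database.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Constructed error fragments; a real checker needs a longer, per-DBMS list.
DB_ERROR_SIGNATURES = ("sql syntax", "syntax error", "unrecognized token",
                       "unclosed quotation mark")

def quote_variants(url):
    """Yield (param, test_url) with ' or " appended to one parameter at a time."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    if not params:
        raise ValueError("URL has no parameters to test")
    for i, (name, value) in enumerate(params):
        for quote in ("'", '"'):
            mutated = params[:i] + [(name, value + quote)] + params[i + 1:]
            yield name, urlunsplit(parts._replace(query=urlencode(mutated)))

def looks_like_db_error(body):
    body = body.lower()
    return any(sig in body for sig in DB_ERROR_SIGNATURES)

def _db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER, title TEXT)")
    db.execute("INSERT INTO articles VALUES (123, 'injection')")
    return db

def vulnerable_page(url):
    """Stand-in for article.php: concatenates id into SQL and echoes DB errors."""
    q = dict(parse_qsl(urlsplit(url).query))
    try:
        row = _db().execute("SELECT title FROM articles WHERE id = " + q["id"]).fetchone()
    except sqlite3.Error as exc:
        return "Database error: " + str(exc)
    return row[0] if row else "not found"

def hardened_page(url):
    """Same page with a bound parameter: the quote stays data, never SQL."""
    q = dict(parse_qsl(urlsplit(url).query))
    row = _db().execute("SELECT title FROM articles WHERE id = ?", (q["id"],)).fetchone()
    return row[0] if row else "not found"

def flagged_params(url, page):
    """Parameter names whose quoted variant produced a database error page."""
    return sorted({n for n, test in quote_variants(url) if looks_like_db_error(page(test))})
```

A page that concatenates input but hides database errors from the response would not be flagged by this kind of check, which is why the tool cannot determine vulnerability for sure.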