Crawling + SQL injection with Scrawlr

06-25

http://www.hackaday.com Hack a Day

Scrawlr is the latest tool to come out of HP's Web Security Research Group. It was built in response to the massive number of SQL injection attacks happening on the web this year. Most of these vulnerable sites are found through googling, so Scrawlr works the same way. Point it at your web server and it will crawl all of the pages and evaluate the URL parameters to see if they're vulnerable to verbose injection. It reports the SQL server and table names if it comes across anything.

It only supports 1500 pages right now and can't do authentication or blind injection. It's still a free tool and a great way to find out whether your site is vulnerable to automated tools that find your website via search engines.
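An added example, not from the original post and not HP's code, showing from the server side what a verbose-injection finding on a URL parameter means and how to remove it. The handlers, table, and URLs are constructed for illustration and use Python's built-in `sqlite3`.

```python
import re
import sqlite3
from urllib.parse import urlparse, parse_qs

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO products VALUES (1, 'widget')")
    return db

def get_id(url):
    # Pull the raw "id" URL parameter, the kind of input a crawler evaluates.
    return parse_qs(urlparse(url).query).get("id", [""])[0]

def vulnerable_handler(db, url):
    """Builds SQL by concatenation and echoes the database error to the client."""
    pid = get_id(url)
    try:
        row = db.execute("SELECT name FROM products WHERE id = " + pid).fetchone()
    except sqlite3.Error as exc:
        # Verbose error: the response reveals database engine detail.
        return 500, "Database error: %s" % exc
    return (200, row[0]) if row else (404, "not found")

def hardened_handler(db, url):
    """Validates the parameter, binds it as data, and returns generic errors."""
    pid = get_id(url)
    if not re.fullmatch(r"[0-9]{1,9}", pid):
        return 400, "bad request"
    try:
        row = db.execute("SELECT name FROM products WHERE id = ?",
                         (int(pid),)).fetchone()
    except sqlite3.Error:
        return 500, "internal error"  # details belong in server logs only
    return (200, row[0]) if row else (404, "not found")

def leaks_db_detail(response):
    # Regression check for your own pages: no database error text in responses.
    _status, body = response
    return "Database error" in body

if __name__ == "__main__":
    db = make_db()
    for url in ("/item?id=1", "/item?id=1'"):  # constructed requests
        print(url, vulnerable_handler(db, url), hardened_handler(db, url))
```
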

[via Acidus]