Drew,

Quick question: Have you tried the Nikto plug-in? It may give you what
you are looking for...

You can download Nikto from here:
        http://www.cirt.net/

--Keith

-----Original Message-----
From: Flickema, Drew W. [mailto:[EMAIL PROTECTED] 
Sent: Thursday, August 21, 2003 1:56 PM
To: [EMAIL PROTECTED]
Subject: SQL Inject


Hi List-
  I am looking into SQL Inject vulnerabilities.  I am attempting to
determine if the current scripts will determine the following:

1).  Will I be able to scan URLs as opposed to IPs to be able to scan
virtual websites?

2).  Will I be able to crawl the complete site as opposed to the top
level page only?

3).  Will it populate all form fields with test injection data?

4).  Will the results which come back provide sufficient information to
determine a positive/negative result?

In initial review of the current scripts, I believe they fall short of
my requirements.  Please correct me if I am wrong, or open this thread
for further discussion on how I could modify the existing scripts to
fulfill my requirements.

Thank you,
Drew Flickema
