SQL injection with O2 and FuzzDB Database plugin
O2 Database plugin testing for SQL injection.
Now that we have covered XSS with O2, we are going to go through SQL injection using FuzzDB.
Adam Muntner created FuzzDB using a number of sources.
fuzzdb helps identify security flaws in applications by aggregating known attack patterns, predictable resource names, and server response messages to create a comprehensive, repeatable set of malformed input test cases.
svn checkout http://fuzzdb.googlecode.com/svn/trunk/ fuzzdb-read-only
This code uses the fuzzdb plugin and fuzzes the database with different SQL injection payloads. It then takes screenshots of each successful iteration.
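The same loop as a self-contained regression check, added here as an example; it is not the O2 script from this post and uses no FuzzDB content. It assumes Python's sqlite3 with an in-memory table, the function names are hypothetical, and the four input strings are constructed samples in the one-string-per-line layout of a payload list. It runs the list against a string-concatenated lookup and a parameterized one and records every input that changes the query's behaviour.

```python
import sqlite3

# Constructed sample inputs, one per line; not copied from FuzzDB.
PAYLOADS = """\
alice
'
' OR '1'='1
alice' --
""".splitlines()

def make_db():
    # Throwaway in-memory database so the check never touches real data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def lookup_concat(db, name):
    # Deliberately weak: the input is pasted into the SQL text.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_param(db, name):
    # Hardened: the input is bound as data and never parsed as SQL.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def fuzz(lookup, payloads=PAYLOADS):
    """Return {input: finding} for inputs that change the query's behaviour."""
    db = make_db()
    findings = {}
    for p in payloads:
        try:
            rows = lookup(db, p)
        except sqlite3.Error as exc:
            # A syntax error means the input reached the SQL parser.
            findings[p] = "sql error: " + str(exc)
            continue
        # A correct lookup only returns rows whose name equals the input.
        if any(r[0] != p for r in rows):
            findings[p] = "returned %d unrelated row(s)" % len(rows)
    return findings

if __name__ == "__main__":
    for label, fn in (("concat", lookup_concat), ("param", lookup_param)):
        print(label, fuzz(fn))
```

The findings dictionary plays the role of the screenshots: one record per input that got through, and an empty dictionary for the parameterized lookup.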
The screenshots are above. If you have any questions, feel free to email me at email@example.com
Once again Parsons Software Security Consulting, LLC is offering unauthenticated scans for the holidays. A few people have taken me up on this offer.