| 
  
        |  |  |  
      
        |  |  
  | 
  
    | 
	|  | Menu |  |  
     
     | 
      
       | 
        
         | 
          
           | 
						|  |  |  Home |  |  |  |  |  |  |  |  Discussions |  |  |  |  |  |  |  |  Tools |  |  |  |  |  |  |  |  Affiliates |  |  |  |  |  |  |  |  Content |  |  |  |  |  |  |  |  Info |  |  |  |  |  |  |  |  |  |  
  
    | 
	|  | User Info |  |  
     
     | 
      
       | 
        
         | 
          
           |  Membership: 
  Latest: MichaelSnaRe 
  New Today: 0 
  New Yesterday: 0 
  Overall: 9144 
 
  People Online: 
  Visitors: 163 
  Members: 0 
  Total: 163 
 |  |  |  |  |  
  
    | 
	|  | Full disclosure |  |  |  | 
  
    | 
	|  |  |  |  
        
          | 
              
                | 
                    
                      | 
                          
                            | 
	| 
	
		|  |  |  
		|  | IT Security and Insecurity Portal |  |  
 
	|  | PHP Sql Injection Scanner Plan |  |  
	| 
	
		|  Posted: Wed Apr 06, 2005 1:13 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| murdock |  | Advanced user |  |  
  |  |  |  | Joined: Mar 16, 2005 |  | Posts: 54 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| I'm planning to make a PHP SQL injection scanner. First, It will simply search recursivly all the php pages linked in a specified host, then It will catch all the variables that uses every php page, and finally, it will test SQL Injections in all variables of all php pages found examining the response page to check if it worked.
 
 I don't know what language to use. I need a nice gui because I want to make nice listing of the php and variables found. Maybe should I use VisualBasic? (yes, I know it sucks, but is so simple making a dumb program with a nice gui!), Delphi? (the same advantatges but less lame), a portable language?
 
 What you think guys? Nice idea? Lame idea? Already made? Thanks.
 Any help in project will be wellcome!
   
 Salut!
 |  |  
		|  |  |  
	|  |  
	|  | Re: PHP Sql Injection Scanner Plan |  |  
	| 
	
		|  Posted: Tue Aug 23, 2005 9:18 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| kyth |  | Beginner |  |  
  |  |  |  | Joined: Aug 23, 2005 |  | Posts: 2 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| In perspective it would be sort of neat, but I am against any things of that sort.  An automated tool goes against perfection and always is the base of a script kiddie. 
 Also, you can not always predict sql injection. I am sure waraxe still learns from it every time he finds some sort of advanced hole.  I have been messing with them for over a year now and I still learn.
 |  |  
		|  |  |  
	|  |  
	| www.waraxe.us Forum Index -> PhpBB 
 
	
		| You cannot post new topics in this forum You cannot reply to topics in this forum
 You cannot edit your posts in this forum
 You cannot delete your posts in this forum
 You cannot vote in polls in this forum
 
 | All times are GMT Page 1 of 1
 
 |  |  
	|  |  
 Powered by phpBB © 2001-2008 phpBB Group
 
 
 
 
 |  |  |  |  |  |  |