
| Subject: | Re: SQL Injection and XSS testing, |
|---|---|
| Date: | Sat, 24 Feb 2007 21:50:26 -0500 |
The regrettable thing about security tests is that one failed test (successful injection) tells you a lot. But any number of successful tests (failed injections) tell you relatively little.

However, your example is missing the single quote usually needed to inject SQL. You want ' or 1 = 1 -- for the classic example. See (and try) demo.testfire.net - username is jsmith, and the demo bank is open to that string.

But encoding based attacks can appear not to have the single quote. A simple input of ' or -- reveals an SQL error message; that is a good clue to an inadequate input filtering strategy.

A quick Google for 'SQL Injection checklist' yielded a collection on cgisecurity, including http://www.cgisecurity.com/lib/sql-insertion.txt which is a good illustration of what can be done with patience. Even creating a new user and getting the database to reveal passwords.

You could block many of those techniques and leave just one vulnerable. You'd still be vulnerable. So you need more than one test case. Your one test (corrected) is necessary, but not sufficient.

A check at freshmeat.net found four open source SQL injection testers. I don't know any of them well enough to have an opinion.

--
Henry Troup
htroup@acm.org

On Fri Feb 23 18:12 , "IRM" sent:

> Dear all,
>
> Excuse me for this basic question. Just wondering in regards to the SQL injection, is it sufficient to insert the input with "1=1--" to test whether a site is vulnerable to the SQL injection? How much level of assurance can we get by testing the SQL injection limited to "1=1--"?
>
> If I am not wrong I guess most of the security aspects in Web application are mainly around input validation. So I was wondering is there any free open source software to automate all the input? Or maybe a list of stuff that usually need to test? Say SQL Injection or XSS? Is there a list of parameters kind of cheat sheet?
>
> John,
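The three inputs discussed in this thread (the original "1=1--", the corrected ' or 1 = 1 --, and the error-provoking ' or --) can be run against a concatenated login query and a parameterised one side by side. The following is an added example written for this archive page, not code from either poster; the in-memory SQLite table, the user row and the function names are constructed for illustration. It shows why the uncorrected test proves nothing, why the SQL error on ' or -- is the clue Henry mentions, and that the parameterised form treats every one of the inputs as plain data.

```python
import sqlite3

# Constructed sample data (not from the original post): one user row.
SAMPLE_USERS = [("jsmith", "demo1234")]

# The three test inputs discussed in the thread, all placed in the username field.
TEST_INPUTS = [
    "1=1--",          # original test: no quote, so it never leaves the string literal
    "' or 1 = 1 --",  # corrected classic test
    "' or --",        # provokes a syntax error on a concatenated query
]


def make_db():
    """Build an in-memory SQLite database with the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_concat(conn, username, password):
    """Vulnerable form: the query text is built by string concatenation,
    so user input is parsed as SQL. Returns (status, matched_username)."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # A database error surfacing from user input is the warning sign
        # the thread describes: the input reached the SQL parser.
        return ("error", str(exc))
    return ("ok", row[0]) if row else ("denied", None)


def login_param(conn, username, password):
    """Hardened form: a parameterised query. The driver binds the values,
    so the input is compared as data and never interpreted as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return ("ok", row[0]) if row else ("denied", None)


def run_checks():
    """Run every test input through both login functions.
    Returns {input: (concat_status, param_status)}."""
    conn = make_db()
    results = {}
    for payload in TEST_INPUTS:
        concat_status = login_concat(conn, payload, "wrongpassword")[0]
        param_status = login_param(conn, payload, "wrongpassword")[0]
        results[payload] = (concat_status, param_status)
    conn.close()
    return results


if __name__ == "__main__":
    for payload, (concat_status, param_status) in run_checks().items():
        print(f"{payload!r:20} concatenated={concat_status:7} parameterised={param_status}")
```

Only the corrected input authenticates against the concatenated query; the quote-less "1=1--" stays inside the string literal and is simply a wrong username, which is why a "pass" on that single test gives no assurance. The ' or -- input produces an SQLite syntax error on the concatenated query and a plain "denied" on the parameterised one, so an error message leaking to the client is itself a finding worth logging and alerting on.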