I have some idea to write a tool scan sql injection but i think it is not enough.Can you help me some ideas ?
I thought about how to write this tool . I known about sqlmap and another tool but now i tried to write my tool to do this job. my idea :
Step1 get html of target url and analysis to find some form.
Step2 if no form -> no sql injection. else send request to server with some data(some special charater like ;,./... and some sql syntax ).
Step3 if webserver response some data or some information(it means webserver did not check data was sent from user has some special or sql syntax ) so it can be a sql injection.
Aucun commentaire:
Enregistrer un commentaire