Wednesday, March 27, 2019

Idea for writing a tool to scan for SQL injection

I have some ideas for writing a tool to scan for SQL injection, but I think they are not enough. Can you help me with some ideas?

I thought about how to write this tool. I know about sqlmap and other tools, but now I am trying to write my own tool to do this job. My idea:

Step 1: get the HTML of the target URL and analyze it to find forms.

Step 2: if there is no form -> no SQL injection. Otherwise, send a request to the server with some data (some special characters like ;,./... and some SQL syntax).

Step 3: if the web server responds with some data or some information (meaning the web server did not check whether the data sent by the user contains special characters or SQL syntax), it may be a SQL injection.
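The three steps above, as an added example that is not part of the original post: it parses forms out of a constructed page, sends a lone quote to two stand-in handlers backed by in-memory SQLite (one concatenating input, one using a bound parameter), and flags the form when a SQL error appears only for the probe. `FormFinder`, `vulnerable_handler`, `safe_handler` and `scan` are hypothetical names, and nothing here touches the network.

```python
import sqlite3
from html.parser import HTMLParser

# Constructed sample page (assumption): stands in for the HTML fetched in step 1.
PAGE = '<form action="/search" method="get"><input name="q"><input type="submit"></form>'

class FormFinder(HTMLParser):
    """Step 1: collect each form's action and its named input fields."""
    def __init__(self):
        super().__init__()
        self.forms = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action", ""), "fields": []})
        elif tag == "input" and self.forms and a.get("name"):
            self.forms[-1]["fields"].append(a["name"])

def find_forms(html):
    finder = FormFinder()
    finder.feed(html)
    return finder.forms

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items(name TEXT)")
    db.execute("INSERT INTO items VALUES ('apple')")
    return db

def vulnerable_handler(db, q):
    """Stand-in server: concatenates input into SQL and leaks the DB error."""
    try:
        rows = db.execute("SELECT name FROM items WHERE name = '" + q + "'").fetchall()
        return "200 " + str(rows)
    except sqlite3.Error as e:
        return "500 SQL error: " + str(e)

def safe_handler(db, q):
    """Same endpoint with a bound parameter: input never reaches the SQL parser."""
    return "200 " + str(db.execute("SELECT name FROM items WHERE name = ?", (q,)).fetchall())

def looks_injectable(handler, db, probe="'"):
    """Steps 2-3: compare the probe response against a benign baseline."""
    baseline, probed = handler(db, "apple"), handler(db, probe)
    return "SQL error" in probed and "SQL error" not in baseline

def scan(html, handler):
    db = make_db()
    return {f["action"]: looks_injectable(handler, db) for f in find_forms(html) if f["fields"]}
```

A handler that concatenates input but hides database errors would also come back `False` here, so an error-signature check on its own under-reports.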
