begood Posted April 5, 2010 Report Posted April 5, 2010 ParametersThe tool expects an URL with parameters, like this:http://www.example.com/articles/article.php?id=123&topic=injectionIt will not work if URL does not contain parameters. For example tool will not be able to check following URL:http://www.example.com/articles/article.phpHow SQL Injection Test worksScript does parse URL provided, and modifies parameters to simulate simple SQL injection (adds double and single quotes). If resulting page contains error message generated by database management system (like MySQL, MSSQL, etc.) then script is most likely vulnerable to SQL injection. In this case SQL Injection Test tool will produce a warning.:: SQL Injection Vulnerability Test :: Online Tools Quote
denjacker Posted April 5, 2010 Report Posted April 5, 2010 Doar adauga "' (double and single quotes) inaintea parametrului.Cat timp apare un Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource sau You have an error in your SQL syntax; scriptul detecteaza o vulnerabilitate sql ; else Test did not reveal SQL injection vulnerability.Eficienta: sub 5 %Exemplu: http://www.ruslana.ua/en/press.php?ln=2&pr=1 --->UNDETECTED Quote
