FG-Injector is a free open source framework designed to help find SQL injection vulnerabilities in web applications. It includes a proxy feature for intercepting and modifying HTTP requests, and an interface for automating SQL injection exploitation.

It’s a common belief among web developers that disabling error messages in their code makes SQL injection vulnerabilities irrelevant. A SQL injection vulnerability that doesn’t return error messages is known as a Blind Injection. With careful planning, attackers can obtain the same data through a Blind SQL Injection that they would obtain from a regular, non-blind, SQL injection.
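The point above, that suppressing database errors does not remove the vulnerability, is easiest to see side by side. The following is an added example (not code from FG-Injector or from the original post) using Python’s standard sqlite3 module and a constructed in-memory users table. The vulnerable login builds its query by string concatenation and swallows every database error, so the client only ever sees a true/false result, which is exactly the blind condition described above; the hardened login binds the same input as a parameter and is unaffected.

```python
import sqlite3

def build_db() -> sqlite3.Connection:
    """Constructed sample database: one users table with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Vulnerable: user input is spliced into the SQL text. All database
    # errors are swallowed and only a boolean reaches the caller, so no
    # error message is ever shown, yet the outcome still depends on
    # whatever SQL the input turns into: a blind injection.
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    try:
        (count,) = conn.execute(query).fetchone()
    except sqlite3.Error:
        return False  # error details never reach the client
    return count > 0

def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Hardened: parameterised query. The input is bound as data and is
    # never parsed as SQL, so its content cannot change the query logic.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    (count,) = conn.execute(query, (username, password)).fetchone()
    return count > 0

def demo() -> dict:
    """Run both logins against the same inputs and report the outcomes."""
    conn = build_db()
    tautology = "' OR '1'='1"   # classic input that alters the WHERE clause
    return {
        # correct credentials succeed in both versions
        "vuln_good": login_vulnerable(conn, "alice", "correct-horse"),
        "hard_good": login_hardened(conn, "alice", "correct-horse"),
        # a wrong password fails in both versions
        "vuln_wrong": login_vulnerable(conn, "alice", "wrong"),
        # a malformed input raises a database error; the vulnerable version
        # hides it, but hiding it is not a fix
        "vuln_malformed": login_vulnerable(conn, "alice", "'"),
        # the tautology changes the vulnerable query's logic and logs in
        # without the password; the hardened version treats it as a literal
        "vuln_tautology": login_vulnerable(conn, "alice", tautology),
        "hard_tautology": login_hardened(conn, "alice", tautology),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16} {result}")
```

The lesson for the application side is that the only signal an attacker needs is the difference between `vuln_tautology` and `vuln_wrong`; error messages are not part of it. Parameterised queries (or an equivalent prepared-statement API in the DBMS driver) remove that difference, and hiding errors should be treated as hardening of information disclosure, not as a SQL injection fix.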

The Engine Module of the FG-Injector Framework automates the generation and injection of the SQL statements needed to exploit a Blind SQL Injection. The same method also works for regular (non-blind) injections. It can produce blind injections against web servers using MS SQL Server, MySQL, and PostgreSQL DBMSs.

FG-Injector Framework is available for both Linux and Windows platforms. Source code and binaries are available.


Comments

I’ve read the read me for FG Injector & I’m a bit confused to what they mean by:

Configure your browser to use the FG-Injector Framework as a proxy (on port 8888)

Can someone please help me out, it doesn’t give exact instructions on that step.

For Firefox: go to Tools->Options->Advanced. Click on Settings and check Manual proxy configuration. In the HTTP Proxy field type localhost and set the port to 8888.

For IE: go to Tools->Internet Options->Connections. Click on LAN settings and check Use a Proxy server for your LAN. In the Address field type localhost and set the port to 8888.
