Testing for SQL Injection VulnerabilityBy Regina Kwon | Posted 2002-11-01 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Will your Web site pass our security tests?
Look for common scripting-language file extensions--Microsoft Active Server Pages (*.asp) and Macromedia ColdFusion (*.cfm) scripts are usually the most vulnerable. The search field is your best bet; the Uniform Resource Locator (URL) on the results page will likely contain a script. Also try hovering your cursor over links while watching the bottom status bar. If the status bar doesn't display URLs, click on links and watch the address bar until you find a URL that has parameters.
Once you are on a page whose URL contains parameters, you are ready to test for SQL Injection vulnerability. There are two methods. Be sure to test each parameter value, one at a time, with each method.
Press the Enter or Return key. This will send your request to the Web server.
Most will look similar to the examples below.
Sometimes the error message does not display on screen. To find it, you may have to search the HTML source of the page. (View | Source in Microsoft Internet Explorer or View | Page Source in Netscape.) A document will open. Use that program's search tool to look for either of these phrases:
Microsoft OLE DB
Step 6. Learn more.
If you see one of the error messages shown or find Microsoft OLE DB or [ODBC] in the source code, then the site is vulnerable to SQL Injection. Read SPI Dynamics' SQL Injection white paper for advice on how to fix this vulnerability.