Hi list,

I just read a blog post by Chema Alonso [1] (maybe the Spanish guys know him, or last BlackHat Europe attendees) about what he calls "Inverted SQL Injection".

He tested different webapp vulnerability scanners against a vulnerable site with a blind SQL injection sentence, only with the where comparison inverted:

"Select * from noticias where "+get(ID)+"=id;"
All the scanners tested (Acunetix, IBM Rational AppScan and Paros in this first episode) fail to find this vuln, even when they can detect it easily with the usual sentence.

It is not likely to find this sentence in real apps, but it is perfectly valid. I am not sure if web app scanners, particularly w3af, should include testing patterns for this type of sentence (or maybe it already does?) What do you think?

Probably the solution would be just to add more attack patterns to test, taking this sentence structure into account.

[1] http://elladodelmal.blogspot.com/2009/09/inverted-sql-queries-i-de-ii.html (in Spanish)
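As an added illustration (not part of the original mail or of w3af), the following Python snippet builds the "noticias" table in an in-memory SQLite database (constructed sample data) and runs the usual "id=" + get(ID) concatenation next to the inverted get(ID) + "=id" form from the post. The same user-supplied value produces different result sets in the two forms, because the operator precedence around the injected text changes; the parameterised version rejects anything that is not a number. The table contents, the helper names and the sample inputs are my own assumptions.

```python
import sqlite3

# Constructed sample data for the demo; not taken from the original post.
ROWS = [(1, "uno"), (2, "dos"), (3, "tres")]


def make_db():
    """Create an in-memory SQLite database with a small 'noticias' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE noticias (id INTEGER PRIMARY KEY, titulo TEXT)")
    conn.executemany("INSERT INTO noticias VALUES (?, ?)", ROWS)
    return conn


def query_normal(conn, raw_id):
    """Usual vulnerable pattern: ... where id=<user value>."""
    sql = "SELECT id FROM noticias WHERE id=" + raw_id + " ORDER BY id"
    return [r[0] for r in conn.execute(sql)]


def query_inverted(conn, raw_id):
    """Inverted pattern from the post: ... where <user value>=id."""
    sql = "SELECT id FROM noticias WHERE " + raw_id + "=id ORDER BY id"
    return [r[0] for r in conn.execute(sql)]


def query_safe(conn, raw_id):
    """Fixed version: the value is bound as a parameter, never spliced into SQL.

    int() raises ValueError for anything that is not a plain integer, and the
    placeholder works equally well on either side of the '=' comparison.
    """
    id_value = int(raw_id)
    sql = "SELECT id FROM noticias WHERE ?=id ORDER BY id"
    return [r[0] for r in conn.execute(sql, (id_value,))]


def compare_forms(raw_id):
    """Run one input through all three builders; returns (normal, inverted, safe).

    'safe' is None when the parameterised version rejected the input.
    """
    conn = make_db()
    try:
        safe = query_safe(conn, raw_id)
    except ValueError:
        safe = None
    return query_normal(conn, raw_id), query_inverted(conn, raw_id), safe


if __name__ == "__main__":
    # "1 OR 0" leaves the normal query alone (id=1 OR 0 -> row 1 only) but in the
    # inverted query parses as 1 OR (0=id), which is true for every row.
    for value in ("1", "0 OR 1", "1 OR 0"):
        print(value, "->", compare_forms(value))
```

The interesting line is the third one: a value that looks harmless against the usual query dumps the whole table against the inverted one, and vice versa for "0 OR 1". Whatever patterns a scanner adds, the application-side fix is the same for both orientations: bind the value as a parameter instead of concatenating it.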



_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop