SQL injection & Paros Proxy
Tuesday, 28 August 2007
Only a few weeks ago, on August 12, 2007, the United Nations web site was defaced. A few weeks before that, on June 29, 2007, the Microsoft UK web site was defaced as well.

This post outlines the steps to assess whether a specific website has SQL injection vulnerabilities, using the free Paros Proxy, a web security assessment tool:

1. Download a copy from http://parosproxy.org.
2. Configure the Firefox browser as follows:
- Select Tools, Options, Advanced, Network, Settings
- Check the box 'Manual proxy configuration'
- Type in 'localhost' and '8080' for HTTP proxy and Port. Click OK
3. Start Paros and Firefox
- Browse the site to be scanned
- On the left pane of Paros, select the site added from browsing
- Select Analyse, Scan Policy, Injection to see if sql_injection is checked
- Select Scan
- Select Report, Last Scan Report to see the assessments and the actions to fix the vulnerabilities.
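
A pre-flight check for the proxy setting from step 2, run before browsing the site in step 3. This is an added example, not part of the original post or of Paros; the function name `check_proxy` and the host `preflight.invalid` are assumptions made for illustration.

```python
import socket


def check_proxy(host="localhost", port=8080, timeout=3.0):
    """Classify what answers on the proxy address configured in the browser.

    Returns:
      "closed"   - nothing accepted the connection (proxy not started,
                   mistyped host name, or wrong port)
      "not-http" - the port is open but the reply is not HTTP, so some
                   other service owns the port
      "http"     - an HTTP speaker answered, as a running proxy would
    """
    # Absolute-form request line, the form a browser sends to an HTTP proxy.
    # The .invalid TLD is reserved (RFC 2606), so no real site is contacted.
    request = (b"GET http://preflight.invalid/ HTTP/1.0\r\n"
               b"Host: preflight.invalid\r\n\r\n")
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # Covers refused connections, unresolvable host names and timeouts.
        return "closed"
    with sock:
        reply = b""
        try:
            sock.sendall(request)
            # Read until there is enough to recognise an HTTP status line.
            while len(reply) < 5:
                chunk = sock.recv(64)
                if not chunk:
                    break
                reply += chunk
        except OSError:
            return "not-http"
    return "http" if reply.startswith(b"HTTP/") else "not-http"


if __name__ == "__main__":
    # Values from step 2 of the post: HTTP proxy 'localhost', port '8080'.
    print("localhost:8080 ->", check_proxy("localhost", 8080))
```

A result of "closed" or "not-http" means the browser's traffic is not reaching the proxy, so the site will not appear in the left pane and there will be nothing to scan.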
 