File sql-injection
Script types:
portrule
Categories:
intrusive, vuln
Download: http://nmap.org/svn/scripts/sql-injection.nse
User Summary
Spiders an HTTP server looking for URLs containing queries vulnerable to an SQL injection attack.
The script spiders an HTTP server looking for URLs containing queries. It then combines crafted SQL commands with susceptible URLs in order to provoke errors. The errors are analysed to see whether the URL is vulnerable to attack. The script uses only the most basic form of SQL injection; anything more complicated is better suited to a standalone tool.
We may not have access to the target web server's true hostname, which can prevent access to virtually hosted sites.
Script Arguments
sql-injection.maxdepth
The maximum depth to spider; default 10.
sql-injection.start
The path at which to start spidering; default /.
http-max-cache-size, http.pipeline, http.useragent
See the documentation for the http library.
httpspider.maxdepth, httpspider.maxpagecount, httpspider.noblacklist, httpspider.url, httpspider.withindomain, httpspider.withinhost
See the documentation for the httpspider library.
Example Usage
nmap -sV --script=sql-injection <target>
Script Output
PORT   STATE SERVICE
80/tcp open  http
| sql-injection: Host might be vulnerable
| /a_index.php?id_str=1'%20OR%20sqlspider
| /a_index.php?id_str=1'%20OR%20sqlspider
| /a_index.php?id_str=2'%20OR%20sqlspider
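The probes shown in the output above carry a recognisable `' OR sqlspider` string, so a defender can find them in web-server access logs. The following detection sketch is an added example, not part of the Nmap script or its documentation; the combined log format, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Marker taken from the Script Output above: 1'%20OR%20sqlspider
MARKER = re.compile(r"'\s*or\s+sqlspider", re.IGNORECASE)

# Assumed Apache/nginx combined log format: client, timestamp, request, status.
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def decode_query(target, rounds=3):
    """Return the query string, percent-decoded until stable (at most `rounds`)."""
    query = urlsplit(target).query
    for _ in range(rounds):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return query

def find_probes(lines):
    """Map client address -> [(path, status)] for requests carrying the marker."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        target = m.group("target")
        if MARKER.search(decode_query(target)):
            path = urlsplit(target).path
            hits[m.group("client")].append((path, int(m.group("status"))))
    return dict(hits)

# Constructed sample access-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /a_index.php?id_str=1 HTTP/1.1" 200 512
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /a_index.php?id_str=1'%20OR%20sqlspider HTTP/1.1" 500 97
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /a_index.php?id_str=2%2527%2520OR%2520sqlspider HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /search?q=spider+or+fly HTTP/1.1" 200 300
""".splitlines()

if __name__ == "__main__":
    for client, probes in find_probes(SAMPLE_LOG).items():
        print(client, probes)
```

The status code recorded beside each hit shows which probed URLs answered with an error page and therefore deserve review first. The match covers only the payload shown on this page, so an empty result does not rule out other SQL injection testing.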
Requires
Author: Eddie Bell
License: Same as Nmap--See http://nmap.org/book/man-legal.html




