Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.803541 |
Kategorie: | Nmap NSE |
Titel: | Nmap NSE 6.01: sql-injection |
Zusammenfassung: | Spiders an HTTP server looking for URLs containing queries vulnerable to an SQL injection attack.;;The script spiders an HTTP server looking for URLs containing queries. It then proceeds to combine;crafted SQL commands with susceptible URLs in order to obtain errors. The errors are analysed to see;if the URL is vulnerable to attack. This uses the most basic form of SQL injection but anything more;complicated is better suited to a standalone tool.;;We may not have access to the target web server's true hostname, which can prevent access to;virtually hosted sites.;;SYNTAX:;;httpspider.withinhost: only spider URLs within the same host.;(default: true);;httpspider.maxpagecount: the maximum amount of pages to visit.;A negative value disables the limit (default: 20);;httpspider.withindomain: only spider URLs within the same;domain. This widens the scope from 'withinhost' and can;not be used in combination. (default: false);;httpspider.maxdepth: the maximum amount of directories beneath;the initial url to spider. A negative value disables the limit.;(default: 3);;httpspider.url: the url to start spidering. This is a URL;relative to the scanned host eg. /default.html (default: /);;sql-injection.start: The path at which to start spidering, default '/'.;;http.pipeline: If set, it represents the number of HTTP requests that'll be;pipelined (ie, sent in a single request). This can be set low to make;debugging easier, or it can be set high to test how a server reacts (its;chosen max is ignored).;;sql-injection.maxdepth: The maximum depth to spider, default 10.;;http-max-cache-size: The maximum memory size (in bytes) of the cache.;;httpspider.noblacklist: if set, doesn't load the default blacklist |
Beschreibung: | Summary: Spiders an HTTP server looking for URLs containing queries vulnerable to an SQL injection attack. The script spiders an HTTP server looking for URLs containing queries. It then proceeds to combine crafted SQL commands with susceptible URLs in order to obtain errors. The errors are analysed to see if the URL is vulnerable to attack. This uses the most basic form of SQL injection but anything more complicated is better suited to a standalone tool. We may not have access to the target web server's true hostname, which can prevent access to virtually hosted sites. SYNTAX: httpspider.withinhost: only spider URLs within the same host. (default: true) httpspider.maxpagecount: the maximum amount of pages to visit. A negative value disables the limit (default: 20) httpspider.withindomain: only spider URLs within the same domain. This widens the scope from 'withinhost' and can not be used in combination. (default: false) httpspider.maxdepth: the maximum amount of directories beneath the initial url to spider. A negative value disables the limit. (default: 3) httpspider.url: the url to start spidering. This is a URL relative to the scanned host eg. /default.html (default: /) sql-injection.start: The path at which to start spidering, default '/'. http.pipeline: If set, it represents the number of HTTP requests that'll be pipelined (ie, sent in a single request). This can be set low to make debugging easier, or it can be set high to test how a server reacts (its chosen max is ignored). sql-injection.maxdepth: The maximum depth to spider, default 10. http-max-cache-size: The maximum memory size (in bytes) of the cache. httpspider.noblacklist: if set, doesn't load the default blacklist CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Copyright | Copyright (C) 2013 NSE-Script: The Nmap Security Scanner; NASL-Wrapper: Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |