SQL injection attacks are one of the most common types of attacks against websites running any kind of SQL-based backend. An SQL injection attack involves injecting SQL parameters to web forms so that when the application processes the SQL, it executes the statement as it is with the extra parameters added by the attacker. This can be quite harmful if, for example, the attacker as a parameter adds a ‘semi-colon’ followed by an SQL statement to delete a table.
There are a lot of tools available to test a website for such vulnerabilities and SQL Fury is perhaps the first such free tool based on the Adobe Air platform.
Using the tool is as easy as downloading it, entering your site’s name in the text box and hitting the Start button.
- Free to use and download and does not require any registration.
- Based on the Adobe AIR platform and thus works on Windows, Linux as well as Mac OS X.
- At the end of the scan, the user gets a report with any possible vulnerabilities including the parameter where the injection succeded.
- Support MySQL, PostgresSQL, Oracle and MS SQL servers.
Check out SQL Fury @ www.sqlfury.com