Section 9.3. Using the Scanner



You use extendedScanner.pl in virtually the same way as simpleScanner.pl. Like the previous scanner, extendedScanner.pl requires an input file generated using parseLog.pl, and it supports the same options. For reference, here is some sample output from the scanner:

** Extended Web Application Scanner **
** Beginning Scan **
..........
ALERT: Directory Listing Detected:
=> GET /images/
....
ALERT: Database Error Message Detected:
=> POST /search.asp?cat=te'st&searchstring=
..
ALERT: Possible SQL Injection Exploit:
=> POST /search.asp?cat=1'%20OR%201%3D1--&searchstring=
.................
ALERT: Possible SQL Injection Exploit:
=> POST /search.asp?cat=1'%20UNION%20ALL%20SELECT%20CONVERT(INT,1),CONVERT(INT,1),
CONVERT(VARCHAR,1),CONVERT(VARCHAR,1),CONVERT(VARCHAR,1),CONVERT
(VARCHAR,1)%20FROM%20MASTER..SYSDATABASES--&searchstring=
.......
ALERT: 500 Error Code Detected:
=> GET /template.asp?content=te'st
........................
ALERT: Generic Error Message Detected:
=> POST /login.asp?txtUsername=te'st&txtPassword=password&action=login&
session=1
..
ALERT: Possible SQL Injection Exploit:
=> POST /login.asp?txtUsername=1'%20OR%201%3D1--&txtPassword=password&
action=login&session=1
..................................
ALERT: Possible SQL Injection Exploit:
=> POST /login.asp?txtUsername=1'%20UNION%20ALL%20SELECT%20CONVERT(INT,1),
CONVERT(VARCHAR,1),CONVERT(VARCHAR,1),CONVERT(INT,1),CONVERT(VARCHAR,1),
CONVERT(VARCHAR,1),CONVERT(VARCHAR,1),CONVERT(VARCHAR,1),CONVERT(INT,1),
CONVERT(VARCHAR,1),CONVERT(VARCHAR,1),CONVERT(VARCHAR,1),CONVERT(VARCHAR,1),
CONVERT(VARCHAR,1),CONVERT(VARCHAR,1)%20FROM%20MASTER..SYSDATABASES--&
txtPassword=password&action=login&session=1
.........................
** Scan Complete **
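The alert records in this output can be post-processed for triage. The following Python is an added example, not code from the book: it parses the ALERT / => records and groups them by page, naming the parameters whose value carried the single-quote test input so the pages that need parameterized queries and error handling stand out. The sample text is constructed from the output above, the function names are hypothetical, and rejoining wrapped request lines is an assumption about the layout.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample, laid out like the scanner output shown above.
SAMPLE = """\
ALERT: Directory Listing Detected:
=> GET /images/
....
ALERT: Database Error Message Detected:
=> POST /search.asp?cat=te'st&searchstring=
..
ALERT: Possible SQL Injection Exploit:
=> POST /search.asp?cat=1'%20OR%201%3D1--&searchstring=
...
ALERT: Possible SQL Injection Exploit:
=> POST /login.asp?txtUsername=1'%20OR%201%3D1--&txtPassword=password&
action=login&session=1
** Scan Complete **
"""
ALERT_RE = re.compile(r"^ALERT: (.+):$")

def parse_alerts(text):
    """Return (alert_type, method, request) tuples from scanner output."""
    alerts, open_req = [], False      # each item: [alert_type, request]
    for line in map(str.strip, text.splitlines()):
        m = ALERT_RE.match(line)
        if m:
            alerts.append([m.group(1), ""])
            open_req = False
        elif line.startswith("=> ") and alerts:
            alerts[-1][1] = line[3:]
            open_req = True
        elif not line or line.startswith("**") or set(line) == {"."}:
            open_req = False          # banner, blank line or progress dots end a record
        elif open_req:
            alerts[-1][1] += line     # assumed: a long request wrapped onto the next line
    return [(kind, *req.split(" ", 1)) for kind, req in alerts if " " in req]

def findings_by_page(alerts):
    """Group alert types per page; list parameters whose value held the quote test."""
    pages = defaultdict(lambda: {"alerts": set(), "params": set()})
    for kind, _method, target in alerts:
        url = urlsplit(target)
        pages[url.path]["alerts"].add(kind)
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if "'" in value:
                pages[url.path]["params"].add(name)
    return dict(pages)
```

Calling `findings_by_page(parse_alerts(text))` on saved scanner output yields one entry per page, which maps directly onto the list of pages and parameters to review.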



Network Security Tools
Network Security Tools: Writing, Hacking, and Modifying Security Tools
ISBN: 0596007949
EAN: 2147483647
Year: 2006
Pages: 110
