SQL Injection on asp - Check website for vulnerability

Started by amitkedia, Jul 20, 2022, 01:05 AM

Previous topic - Next topic

amitkediaTopic starter

Good day,

I work as a web specialist at one company, recently the management gave the task to check our site for threats from intruders.
The site does not represent any value, the content that is on the site is updated very rarely. However, management has its own vision on this matter.
I understand that it would be wiser to entrust this matter to professionals.

As a result, the task is as follows, check the site for vulnerability. Immediately remembered sql injections. Looking for articles about this topic.  In my case, the site is written in asp. And the examples that are described in the article do not work in my case.

At the end, I decided to turn to the forum and ask for advice.

Website content currently includes the following:

windows server / IIS 7.0 / Database: MySQL / Managed by: Myphpadmin / pages written in asp.net

Dear forum users, tell me something useful, and to which direction should we move.

Thanks.
  •  

Hitesh Patel

If injection goes into the server, then you can already find out what kind of server.
To approx. query to MySQL server SHOW VARIABLES. SHOW VARIABLES -> version.
But generally, in theory, yes, if you didn't find a hole, then you won't know what kind of database server engine it is.

It is necessary to select queries for injection with universal SQL keywords. But the important thing is to see the server's response, already by the response you can find out about the server engine DB.
  •