LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page How to check login protected pages for sql injection and xss attack
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-27-2016, 04:31 AM   #1
unclesamcrazy
Member
 
Registered: May 2013
Posts: 200

Rep: Reputation: 1
How to check login protected pages for sql injection and xss attack

I have a web application where I have to check sql injection attacks and XSS attacks. Maximum number of forms are login protected. When user logs in, he is able to see those forms like
  • Create Class
  • Update Class
  • Create Lesson
  • Update Lesson
  • Post Question
  • Answer Question
If non-logged in user, hits these urls, it sends him on the login page.
How can I test these pages for sql injection and XSS.

Please help.

Regards
SAM
 
Old 07-27-2016, 05:38 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,474

Rep: Reputation: 1553Reputation: 1553Reputation: 1553Reputation: 1553Reputation: 1553Reputation: 1553Reputation: 1553Reputation: 1553Reputation: 1553Reputation: 1553Reputation: 1553
https://detectify.com/

If you want a recommendation for a good web application vulnerability testing company let me know.
 
Old 07-27-2016, 02:53 PM   #3
mralk3
Slackware Contributor
 
Registered: May 2015
Distribution: Slackware
Posts: 1,900

Rep: Reputation: 1050Reputation: 1050Reputation: 1050Reputation: 1050Reputation: 1050Reputation: 1050Reputation: 1050Reputation: 1050
I like to use sqlmap, nikto, w3af. I am not a penetration tester or anything so I may be wrong. It is best if you install them from Git.

http://sqlmap.org/
https://cirt.net/Nikto2
http://w3af.org/
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SQL Injection attack against my server sneakyimp Linux - Security 22 12-10-2015 08:03 AM
how could I search my wordpress sql dump for ifames, xss, or malware mia_tech Linux - General 3 12-27-2013 08:55 AM
LXer: XSS Injection Vulnerability in WordPress 3.2.1 LXer Syndicated Linux News 0 08-14-2011 11:40 PM
Apache Foundation Hit by Targeted XSS Attack win32sux Linux - Security 13 05-15-2010 02:13 AM
LXer: Security gone awry: IE 8 XSS filter exposes sites to XSS attack LXer Syndicated Linux News 0 04-20-2010 06:42 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:47 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration