Results 1 to 7 of 7
  1. #1
    christopherx is offline Member
    Join Date
    Oct 2011
    Posts
    92
    Rep Power
    0

    Default Checking an error message from a website.

    Hey there. I'm planning a little app to analyze website URL's and check if they're vulnerable to SQL Injection. Now as I understand it, a commonly employed method for checking is to find query strings and put a little " ' " next to the parameter. Obviously this makes an invalid query and the server returns an error. I was wondering if Java has some classes that let's me check this error. I understand that a more web based language might be more appropriate, and if that is strongly the case then I have no problem moving onto something different, but being bumped in the right direction by someone would be quite nice!! Thanks guys :)

  2. #2
    Tolls is offline Moderator
    Join Date
    Apr 2009
    Posts
    11,953
    Rep Power
    19

    Default Re: Checking an error message from a website.

    Surely that would only work if the website returned the error?
    And, indeed, would be entirely dependent on the code used on the server?
    PHP would be different from ASP would be different from Java...and then all the various frameworks underneath.
    Please do not ask for code as refusal often offends.

    ** This space for rent **

  3. #3
    christopherx is offline Member
    Join Date
    Oct 2011
    Posts
    92
    Rep Power
    0

    Default Re: Checking an error message from a website.

    Agreed. But this is an error returned by the SQL engine,
    Which makes it a lot more similar than first thought, In theory.

    One solution I was thinking of was to attempt to navigate to
    The Test URL, save the web page and open it as a text file,
    Then use regular expressions to see if key phrases are flagged up.

    Seems like quite a long winded solution, and I can already see some
    potential problems ( websites about SQL perhaps). What do
    You think?

  4. #4
    Tolls is offline Moderator
    Join Date
    Apr 2009
    Posts
    11,953
    Rep Power
    19

    Default Re: Checking an error message from a website.

    What SQL engine?
    And how does that message get from the database to the front end?

    Maybe I'm confused here...are we talking about any websites, or a particular one in which this message is sent to the client browser?
    Please do not ask for code as refusal often offends.

    ** This space for rent **

  5. #5
    christopherx is offline Member
    Join Date
    Oct 2011
    Posts
    92
    Rep Power
    0

    Default Re: Checking an error message from a website.

    Ah yeah that's a good point. The idea was
    For this tool to work on any website but Yeah.
    I was working on the assumption that most SQL errors are displayed
    On the front end browser.. Might be a little bit more difficult than I first imagined :P

    Do you have any ideas for a better solution?

  6. #6
    Tolls is offline Moderator
    Join Date
    Apr 2009
    Posts
    11,953
    Rep Power
    19

    Default Re: Checking an error message from a website.

    Nope.
    Displaying errors from the backend raw is considered a pretty big security hole.
    No website I have worked on would do it. Any that haven't been handled and have managed to get all the way back to the top of the server stack are turned into generic "there's been a problem" errors.

    So you won't be able to do what you're planning.
    Please do not ask for code as refusal often offends.

    ** This space for rent **

  7. #7
    christopherx is offline Member
    Join Date
    Oct 2011
    Posts
    92
    Rep Power
    0

    Default Re: Checking an error message from a website.

    Ah well. Thank you for the advice!!!

Similar Threads

  1. help to checking the error!!
    By vitorloke in forum New To Java
    Replies: 34
    Last Post: 04-26-2012, 06:50 PM
  2. 'else' without 'if' error message
    By jim01 in forum New To Java
    Replies: 6
    Last Post: 04-22-2011, 09:10 PM
  3. error message
    By tri.yudhanto in forum JDBC
    Replies: 0
    Last Post: 01-13-2011, 01:20 PM
  4. Error Checking not working correctly
    By RickAintree in forum New To Java
    Replies: 1
    Last Post: 12-15-2010, 01:54 PM
  5. Error Message ..
    By Hamodi18 in forum New To Java
    Replies: 15
    Last Post: 07-11-2010, 03:31 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •