SQLMap: The automated SQL Injection and database takeover tool - SchizoDuckie
http://sqlmap.org

======
SchizoDuckie
I'm posting this here because there are still too many people that do not know
how dangerous a single SQL injection vulnerability in your code can be. It
does _not_ matter if your page just throws an SQL syntax error to screen. The
query could be crafted so that it doesn't throw an error! Relevant:
[https://news.ycombinator.com/item?id=6845195](https://news.ycombinator.com/item?id=6845195)

If you are a programmer, or manage websites for somebody else, it should be
your duty to know that this tool exists and how easy it is to completely empty
out a database. (This is how 99% of the 'SQL password dump for major site $x'
are generated.)

How does it work? Please watch the video:
[http://www.youtube.com/watch?feature=player_embedded&v=RsQ52...](http://www.youtube.com/watch?feature=player_embedded&v=RsQ52eCcTi4)

------
Eyes2design
This looks interesting. I wonder how some things I have been working with
will prevail.

~~~
SchizoDuckie
Download the tarball, extract it and test it :) It's super easy to use.

Please post the results :)

~~~
Eyes2design
I'm doing that right now. I work in frameworks like Zend and you're never fully
sure if there are any black holes that you're missing. Although I will say, I
have it always on the back of my mind to prevent such things from happening as
best I can, but extra open source attempts can be handy.

