
I'm helping a colleague of mine to test if his website is completely SQLi-proof. It looks promising, but I'm trying to make sure, and by chance I know he's using pg_escape_string to sanitize his POST input.

This may be a stupid question, but I'd like to know, if there is a way to specify the escape method for SQLMap?

Also, as long as I'm here, I'd like to ask for opinions on which would be the best escape method to use (PHP-PostgreSQL combination): is pg_escape_string sufficient, or should he use something else?

  • I think sqlmap does that automatically, as per their documentation: github.com/sqlmapproject/sqlmap/wiki/…
    – Sravan
    Commented Sep 15, 2016 at 12:10
  • Thanks, I looked through it but couldn't really find much on this topic. What is weird is that if I don't specify that it's PostgreSQL, it decides that it's either MySQL or Oracle, and I don't know why it does that...
    – WolfyD
    Commented Sep 15, 2016 at 12:56

2 Answers


Have a look at PHP PostgreSQL prepared statements. They will escape your variables just fine, and they will help you avoid forgetting to escape something, or double-escaping.
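To make the difference concrete, here is the same login lookup written with pg_escape_string and with parameterised queries. This is an added example, not code from the question or the answer; the `users(username, password_hash)` table and the connection string are assumptions.

```php
<?php
// Added example: one lookup, three ways. The table `users(username text,
// password_hash text)` and the connection parameters are hypothetical.
$conn = pg_connect('host=localhost dbname=app user=app password=secret');

// 1) Escaping. pg_escape_string() doubles quotes and backslashes, so it is
//    only effective when the escaped value lands between single quotes. It does
//    nothing for a value placed in an unquoted position (a numeric comparison,
//    LIMIT, an identifier), so every call site must get the quoting right.
function findUserEscaped($conn, string $username)
{
    $safe = pg_escape_string($conn, $username);
    $sql  = "SELECT username, password_hash FROM users WHERE username = '$safe'";
    $res  = pg_query($conn, $sql);
    return $res ? pg_fetch_assoc($res) : false;
}

// 2) Parameterised query (what the answer recommends). The SQL text is fixed
//    and the value is sent separately, so there is no quoting decision to make.
//    The $1 placeholder is deliberately NOT wrapped in quotes.
function findUserParam($conn, string $username)
{
    $sql = 'SELECT username, password_hash FROM users WHERE username = $1';
    $res = pg_query_params($conn, $sql, [$username]);
    return $res ? pg_fetch_assoc($res) : false;
}

// 3) The same with PDO, for code bases that use it instead of the pg_* API.
function findUserPdo(PDO $pdo, string $username)
{
    $stmt = $pdo->prepare('SELECT username, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// The password never enters the SQL at all: fetch the hash, verify in PHP.
$row = findUserParam($conn, $_POST['username'] ?? '');
$ok  = $row !== false && password_verify($_POST['password'] ?? '', $row['password_hash']);
```

With the parameterised forms there is nothing for an escaping step to miss, which is the point of the answer above.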


Using sqlmap to look for SQL injection vulnerabilities when you have access to the source code is the wrong approach. There are many reasons for this, but allow me to mention a few:

1. sqlmap cannot defeat application logic.
2. sqlmap sometimes has false negatives.
3. sqlmap cannot find or exploit all types of injections, such as second-order injection.
4. sqlmap is going to be very slow, as it tries to brute-force many types of injection vectors.
5. sqlmap cannot find XSS, command injection, SSRF and other flaws that may be present in the source code.

You should look at using a source code analysis tool like rips, rats or graudit, in combination with your database and web server logs, to find and verify these (and other types of) vulnerabilities.

• Thank you, this was a helpful post. I do have a few reasons for using sqlmap though. First of all, I don't really have access to the source. I managed a peek at the login PHP when, the first time, I instantly broke it with ' OR 1=1 -- and he added the escaping in front of me. Also, the creators of sqlmap have a way better understanding of SQL vulnerabilities than me. I don't trust that I could find every fault in the script if I just looked through it. Time I have. I will look into those tools though when I'm done with the SQLi tests and get onto other types of vulnerabilities. Thank you
  – WolfyD
  Commented Sep 16, 2016 at 6:31
