QueryParam Scanner

While performing penetration tests, our customers ask us to provide them with solutions that can avoid ‘bad things’ from happening to their assets. In case of web applications, we suggest techniques like two or more tire application frameworks, sanitisizing inputs, etc., depending on the programming language, databases and other factors. One of the pointers that we give our customers is – if they use MSSQL database & ColdFusion, they are more prone to SQL injections and a better way to avoid those is by using CFQUERYPARAM.

We advice them to validate anything that is passed on to the URL or in the Form scope to be sure it is what it should be and that to never rely on client side validation. In addition to that, we advice that they write validation routines for form inputs.

Now, this can be achieved programmatically or, by using a FREEWARE application – QueryParam Scanner. It is a simple tool that scans the codebase looking for queries. For every query it finds, it will check if there are any CFML variables in that query that are not contained within a cfqueryparam tag. Once complete, it will display a list of files with queries to be checked, listing the line numbers and showing the contents of the query! It becomes much easier with a list in front of you.

It’s current features are:

Finds all variables in cfquery without a surrounding cfqueryparam.
Displays filenames, line number and query contents for all potential risks.
Ability to scan any directory on local filesystem.
Option to include/exclude child directories.
Option to include/exclude ORDER BY clauses.
Option to list which scopes any variables belong to.
Option to highlight variables in client scopes.
Significantly faster processing (compared to v0.6).
Multiple output formats (HTML, XML, WDDX).
Ability to override Request Timeout.
Option to specify file/directory exclusions (regex).
Option to include/exclude Query of Queries.
Option to include/exclude built-in CFML functions.
Eclipse Plugin for easier execution.

A sample screen shot that displays the potential risks:

qpscanner v0.7 s3 QueryParam Scanner

It’s pre-requisites are either of the following: ColdFusion 8, ColdFusion MX7, BlueDragon 7, Railo 2, Railo 3.

Now, the latest version which was released last year is v0.7.1. You can download it here or, read about QueryParam Scanner here.

Related External Links

ml0-320 | Download Free latest Actualtests Certification Exam …

Top Tools For Penetration Testing (Security Analysis/Hacking …

January 19, 2010 -- Grabber: A Web Application Scanner!
January 15, 2010 -- List of Free Web Application Scanners!
January 9, 2010 -- UPDATE: Burp Suite v1.3!
December 10, 2009 -- NetSparker: A Promising Web Application Security Scanner!
November 20, 2009 -- Update : Katana v1.0 – Kyuzo
July 31, 2009 -- UWSS – Uber Web Security Scanner
February 20, 2009 -- SQLNinja: A SQL Injector!
March 15, 2010 -- UPDATE: sqlmap 0.8 Final!
March 14, 2010 -- WebCastellum: An Open Source WAF!

Tagged as: Penetration Testing, QueryParam Scanner, SQL Injection, Web Application Penetration Testing

Black: @sanyal, I do not know why is it not downloading the version 0.8 for you! We have this link from SF which will...
sanyal: Hi, The download link goes to sourceforge.net 0.7 version. Needs to point to 0.8
hideaki: There’s also xt_pknock which seems to capable of much more.
stacksmasher: Any word on a quick tutorial for this tool?
ne01982: No, I had written the supplied OEM code, But the site says that is a wrong OEM code. Thanks for your time
ne01982: Hi, M8s, I´m affraid, this code doesnt work. Thanks anyway. Regards
rcarter: “You have submitted an unknown OEM Code or no code at all.”

Related External Links

Related Posts

Twitter

Tag Cloud

Archives

Meta

Recently Updated Posts

Recently Updated Pages

Feed Count:

Site Search:

Categories

Recent Comments

Most Viewed Pages