Let us know what you would like to see improved, questions on how best to use the tool or anything else.
I ran scrawlr on my site as I had already been infected once with fgg.jsHowever the page that was infected was not in the list of pages scanned
The site is www.biscount.com
the folder in question is down loads
it contains the following files
beta.htmflash.htmhhwebinstall.htmL10HC_FlashParams.txtnews.htmlupdate_notes.htmvb6_page.htmwelcome.html
scrawler only scans
news.htmlhhwebinstall.htmvb6_page.htmbeta.htmupdate_notes.htm
it misses
welcome.htmlflash.htmL10HC_FlashParams.txt
and welcome.html is the file that was infected - how is your program useful if it misses pages that are vunerable?
Any ideas what is the problem?
IT would be good, if there was a simple one or two pages about how the basic process worked, as it is not finding some links on one site we were testing it on. (which to us appeared as normal links that a crawler should have found).
Thanks
Steve
I found plenty of vulnerable pages on my site and fixed them thanks to scrawlr. It was also useful to get me thinking along the lines that I better validate any forms data before sending it to a SQL command. I used both truncation and replace statements to fix up my code. Funny thing is that the best test to see if all my fixes work will be if I get re-injected! I am using the injection attack as the ultimate test of my website. The bad people are sending my website users to x.18x.com