Scrawlr

Re: Scrawlr Rants and Raves

efelsenthal — Tue, 08 Sep 2009 19:47:57 GMT

I found plenty of vulnerable pages on my site and fixed them thanks to scrawlr. It was also useful to get me thinking along the lines that I better validate any forms data before sending it to a SQL command. I used both truncation and replace statements to fix up my code. Funny thing is that the best test to see if all my fixes work will be if I get re-injected! I am using the injection attack as the ultimate test of my website. The bad people are sending my website users to x.18x.com

Re: Scrawlr Rants and Raves

StephenKelly2000 — Fri, 25 Jul 2008 04:16:23 GMT

IT would be good, if there was a simple one or two pages about how the basic process worked, as it is not finding some links on one site we were testing it on. (which to us appeared as normal links that a crawler should have found).

Thanks

Steve

Re: Scrawlr Rants and Raves

Biscount92 — Wed, 23 Jul 2008 07:53:19 GMT

I ran scrawlr on my site as I had already been infected once with fgg.js
However the page that was infected was not in the list of pages scanned

The site is www.biscount.com

the folder in question is down loads

it contains the following files

beta.htm
flash.htm
hhwebinstall.htm
L10HC_FlashParams.txt
news.html
update_notes.htm
vb6_page.htm
welcome.html

scrawler only scans

news.html
hhwebinstall.htm
vb6_page.htm
beta.htm
update_notes.htm

it misses

welcome.html
flash.htm
L10HC_FlashParams.txt

and welcome.html is the file that was infected - how is your program useful if it misses pages that are vunerable?

Any ideas what is the problem?

Scrawlr Rants and Raves

erik.peterson — Wed, 25 Jun 2008 01:14:13 GMT

Let us know what you would like to see improved, questions on how best to use the tool or anything else.